At Fujitsu, our purpose is to make the world more sustainable by building trust in society through innovation. Founded in Japan in 1935, Fujitsu has been a pioneer in technology and innovation for decades. Today, as a world-leading digital transformation partner, we are committed to transforming business and society in the digital age.

With approximately 130,000 employees across over 50 countries, Fujitsu offers a broad range of products, services, and solutions. We collaborate with our customers to co-create solutions that drive enterprise-wide digitalization while actively working to address social issues and contribute to the United Nations Sustainable Development Goals (SDGs).

Role: SOC Analyst 

Responsible for real-time monitoring, triage, investigation, and escalation of security incidents in a 24×7 SOC environment.

Key Responsibilities

• Perform continuous monitoring and alert triage from SIEM, EDR, and security tools
• Classify alerts into true positive / false positive / benign with documented evidence
• Conduct log-based investigations across endpoints, network, identity, and cloud sources
• Map observed activity to MITRE ATT&CK techniques and identify potential attack paths
• Escalate incidents with full context (timeline, impacted assets, severity, recommended actions)
• Maintain incident records in ticketing systems (ServiceNow/Jira) with proper documentation
• Follow defined SOPs, playbooks, and SLAs for response and escalation
• Participate in shift handovers with clear incident status and risks
• Support use-case tuning and false positive reduction
• (L2) Perform deep-dive investigations, threat hunting, and root cause analysis
  
  

Core Skills

Detection & Investigation

• Strong understanding of alert triage lifecycle
• Ability to analyze:
  • Endpoint telemetry (process, registry, command-line)
  • Network logs (DNS, proxy, firewall)
  • Authentication logs (AD, Azure AD, IAM)
    
    

Tools (Hands-on, not exposure)

• SIEM: Microsoft Sentinel / Splunk / QRadar / XSIAM
• EDR/XDR: CrowdStrike / Defender / SentinelOne
• Ticketing: ServiceNow / Jira

Expectation: Ability to query, investigate, and correlate — not just navigate UI

Technical Fundamentals

• Networking: TCP/IP, DNS, HTTP/S, VPN behavior
• OS: Windows Event Logs, Linux logs
• Identity: Authentication flows (Kerberos, NTLM, SSO basics)
  
  

Certifications 

Preferred (not mandatory):

• Microsoft SC-200 (for Sentinel environments)
• CompTIA Security+ / CySA+
• Vendor-specific (CrowdStrike / Palo Alto / SentinelOne) — only if hands-on
  
  

Experience Expectations

• 2-5 years SOC / monitoring experience
• Can independently triage alerts and follow playbook.
• Can perform independent investigation, correlation, and incident validation
• Able to guide analysts and improve detection quality