
SOC Analyst – Level 3
Employment:
Full-time
Setup:
WFH
We are seeking an experienced and highly skilled Security Operations Center (SOC) Analyst Level 3 to join our cybersecurity team. As a SOC Analyst Level 3, you will take a lead role in managing and responding to complex and high-severity security incidents, providing expert-level analysis, and guiding the organization’s overall security operations. You will also be responsible for threat intelligence analysis, incident response coordination, and mentoring junior SOC staff. This role requires a deep understanding of cybersecurity, threat detection, incident response, and advanced security tools.
Key Responsibilities
Lead Incident Response: Take the lead on high-severity and complex security incidents, conducting in-depth investigations, coordinating response efforts, and ensuring timely resolution. Escalate incidents to the appropriate stakeholders when necessary.
Advanced Threat Detection: Utilize advanced techniques and security tools to identify, analyze, and mitigate sophisticated threats such as advanced persistent threats (APTs), zero-day exploits, and malware campaigns.
Threat Intelligence Analysis: Lead threat intelligence efforts by gathering, analyzing, and applying actionable intelligence to enhance detection capabilities, improve the organization’s security posture, and identify emerging threats.
Mentorship and Training: Provide guidance, mentorship, and training to SOC Level 1 and Level 2 analysts, fostering a collaborative environment for knowledge sharing and skills development.
Root Cause Analysis and Reporting: Conduct thorough root cause analysis on major security incidents, documenting findings, identifying vulnerabilities, and proposing preventive measures. Prepare detailed reports for senior management and stakeholders.
Security Tool Optimization and Customization: Lead efforts to optimize and fine-tune security tools and technologies, including SIEM (Security Information and Event Management), IDS/IPS, endpoint detection and response (EDR), and other security monitoring tools to improve threat detection and incident response.
Develop and Enhance Playbooks: Develop, refine, and update incident response playbooks and standard operating procedures (SOPs) to ensure an effective, consistent response to evolving threats.
Cross-Functional Collaboration: Work closely with other security teams (e.g., Threat Hunting, Vulnerability Management, and IT Operations) to ensure comprehensive threat mitigation and security best practices are implemented across the organization.
Compliance and Risk Management: Ensure that the organization's security operations comply with relevant regulatory standards and frameworks (e.g., GDPR, HIPAA, PCI-DSS). Contribute to audits, risk assessments, and compliance reporting.
Continuous Improvement: Continuously review and enhance security practices, tools, and processes to stay ahead of emerging threats and challenges. Advocate for the adoption of new security technologies and methodologies.
Incident Communications: Provide timely, clear, and concise communication to senior leadership and relevant stakeholders during active incidents, ensuring they are aware of the situation and response actions.
Requirements
Education: Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent work experience). Master’s degree is a plus.
Certifications: Industry-recognized certifications such as Certified Information Systems Security Professional (CISSP), Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), GIAC Security Expert (GSE), or equivalent are strongly preferred.
Minimum of 4-5 years of experience in cybersecurity, with at least 2 years in a SOC environment.
Extensive experience with advanced security tools and technologies, such as SIEM (Splunk, QRadar, ArcSight), EDR, IDS/IPS, and threat intelligence platforms.
Proven track record in managing and responding to high-severity security incidents and conducting root cause analysis.
Experience in threat hunting, malware analysis, and reverse engineering is highly desirable.
Experience with scripting (Python, PowerShell, Bash) and automation to improve incident response and analysis workflows.
Expertise in security concepts, including intrusion detection, endpoint protection, vulnerability management, and network security.
Strong understanding of security protocols, encryption, and network traffic analysis (TCP/IP, DNS, HTTP/S, etc.).
In-depth knowledge of threat intelligence sources, attack vectors, and tactics, techniques, and procedures (TTPs) used by advanced threat actors.
Familiarity with security frameworks and standards (NIST, MITRE ATT&CK, ISO 27001, etc.).
Experience with cloud security (AWS, Azure, GCP) and container security is a plus.
Strong leadership and communication skills with the ability to clearly articulate complex technical issues to both technical and non-technical stakeholders.
Excellent problem-solving, critical thinking, and analytical abilities.
Ability to work under pressure and manage multiple high-priority tasks simultaneously.
Strong mentoring and coaching abilities to help develop junior staff and build a collaborative team environment.
Hands-on experience with Tanium and CrowdStrike for endpoint security, threat detection, and investigation.
