The SOC Analyst Level 3 is a senior cybersecurity professional responsible for leading advanced security investigations, threat hunting, incident response, and mentoring SOC Level 1 and Level 2 analysts. This role requires deep expertise in security operations, forensics, threat intelligence, and security tool optimization. The Level 3 analyst also collaborates with stakeholders to improve security posture and incident response processes.
This position involves working within a Managed Security Services Provider (MSSP) environment, managing security operations for multiple clients across various industries. You will ensure compliance with Service Level Agreements (SLAs), develop security strategies, and provide expert-level incident handling and response.
Key Responsibilities:
Incident Handling & Response:
- Lead complex security investigations and incident response activities.
- Perform deep-dive forensic analysis, malware analysis, and reverse engineering of security incidents.
- Manage and coordinate incident containment, eradication, and recovery efforts.
- Conduct root cause analysis and post-incident reviews to improve defenses.
Threat Hunting & Intelligence:
- Conduct proactive threat hunting activities using SIEM, EDR, and other security tools.
- Develop and test hypotheses for threat scenarios based on the latest cyber threat intelligence.
- Utilize threat intelligence feeds to enhance detection capabilities and improve SOC workflows.
Security Tool Optimization & Automation:
- Fine-tune and configure SOC tools, including SIEM, EDR, IDS/IPS, SOAR, and firewalls for optimal performance.
- Develop and automate security processes using scripting (e.g., Python, PowerShell, Bash) and SOAR platforms.
- Identify gaps in security monitoring and implement improvements to enhance detection and response capabilities.
Collaboration & Escalation:
- Act as the escalation point for complex security incidents that Level 1 and Level 2 analysts cannot resolve.
- Collaborate with security architects, network engineers, and IT teams to enhance security controls.
- Work closely with threat intelligence teams to analyze and respond to emerging threats.
Reporting & Documentation:
- Maintain detailed documentation of security incidents, forensic findings, and response actions.
- Generate executive reports and present security insights to management and stakeholders.
- Improve and develop SOC playbooks, workflows, and best practices.
Security Improvement Initiatives:
- Participate in red team/blue team exercises to enhance security preparedness.
- Conduct training sessions and mentorship programs for Level 1 and Level 2 analysts.
- Drive continuous improvement of SOC processes, policies, and incident response methodologies.
SOC Operations & Shift Management:
- Provide leadership and direction during security incidents and crisis situations.
- Participate in SOC shift rotations, including nights, weekends, and holidays.
- Ensure timely response to security incidents while maintaining high-quality incident resolution.
People Skills:
- Strong leadership skills with experience mentoring and training junior analysts.
- Excellent problem-solving and decision-making abilities in high-pressure situations.
- Ability to communicate complex security concepts to both technical and non-technical audiences.
- Collaborative mindset, working effectively across teams and departments.
- Strong analytical, research, and documentation skills.
Qualifications:
- Bachelor’s degree in Cybersecurity, Information Technology, or a related field (or equivalent experience).
- 4+ years of experience in security operations, incident response, and cybersecurity analysis.
- Strong understanding of cybersecurity frameworks (MITRE ATT&CK, NIST, ISO 27001).
- Hands-on experience with SIEM, EDR, IDS/IPS, and other security tools.
- Proficiency in scripting languages (Python, PowerShell, Bash) for automation and tool integration.
- Deep knowledge of network security, threat intelligence, digital forensics, and malware analysis.