The SOC Analyst Level 3 is a senior cybersecurity professional responsible for leading advanced security investigations, threat hunting, incident response, and mentoring SOC Level 1 and Level 2 analysts. This role requires deep expertise in security operations, forensics, threat intelligence, and security tool optimization. The Level 3 analyst also collaborates with stakeholders to improve security posture and incident response processes.
This position involves working within a Managed Security Services Provider (MSSP) environment, managing security operations for multiple clients across various industries. You will ensure compliance with Service Level Agreements (SLAs), develop security strategies, and provide expert-level incident handling and response.
Key Responsibilities:
Incident Handling & Response:
- Lead complex security investigations and incident response activities.
- Perform deep-dive forensic analysis, malware analysis, and reverse engineering of security incidents.
- Manage and coordinate incident containment, eradication, and recovery efforts. Conduct root cause analysis and post-incident reviews to improve defenses.
Threat Hunting & Intelligence:
- Conduct proactive threat hunting activities using SIEM, EDR, and other security tools.
- Develop and test hypotheses for threat scenarios based on the latest cyber threat intelligence.
- Utilize threat intelligence feeds to enhance detection capabilities and improve SOC workflows.
Security Tool Optimization & Automation:
- Fine-tune and configure SOC tools, including SIEM, EDR, IDS/IPS, SOAR, and firewalls for optimal performance.
- Develop and automate security processes using scripting (e.g., Python, PowerShell, Bash) and SOAR platforms.
- Identify gaps in security monitoring and implement improvements to enhance detection and response capabilities.
Collaboration & Escalation:
- Act as the escalation point for complex security incidents that Level 1 and Level 2 analysts cannot resolve.
- Collaborate with security architects, network engineers, and IT teams to enhance security controls.
- Work closely with threat intelligence teams to analyze and respond to emerging threats.
Reporting & Documentation:
- Maintain detailed documentation of security incidents, forensic findings, and response actions.
- Generate executive reports and present security insights to management and stakeholders.
- Improve and develop SOC playbooks, workflows, and best practices.
Security Improvement Initiatives:
- Participate in red team/blue team exercises to enhance security preparedness.
- Conduct training sessions and mentorship programs for Level 1 and Level 2 analysts.
- Drive continuous improvement of SOC processes, policies, and incident response methodologies.
SOC Operations & Shift Management:
- Provide leadership and direction during security incidents and crisis situations.
- Participate in SOC shift rotations, including nights, weekends, and holidays.
- Ensure timely response to security incidents while maintaining high-quality incident resolution.
People Skills:
- Strong leadership skills with experience mentoring and training junior analysts.
- Excellent problem-solving and decision-making abilities in high-pressure situations.
- Ability to communicate complex security concepts to both technical and non-technical audiences.
- Collaborative mindset, working effectively across teams and departments.
- Strong analytical, research, and documentation skills.
Qualifications:
- Bachelor’s degree in Cybersecurity, Information Technology, or a related field (or equivalent experience).
- 4+ years of experience in security operations, incident response, and cybersecurity analysis.
- Strong understanding of cybersecurity frameworks (MITRE ATT&CK, NIST, ISO 27001).
- Hands-on experience with SIEM, EDR, IDS/IPS, and other security tools.
- Proficiency in scripting languages (Python, PowerShell, Bash) for automation and tool integration.
- Deep knowledge of network security, threat intelligence, digital forensics, and malware analysis.
We are seeking a skilled and passionate Blue Team Content Creator with hands-on experience working in a Security Operations Center (SOC). The ideal candidate will be responsible for both SOC operations and content creation, developing immersive defensive exercises within virtual environments.
This role involves simulating real-world threats, designing practical assessments, and creating engaging training content focused on incident response, threat hunting, vulnerability management, and security tooling (SIEM/EDR/IDS).
Key Responsibilities:
- Design attack scenarios mirroring Tactics, Techniques, and Procedures (TTPs) of advanced adversaries.
- Assist in SOC operations as needed and contribute to the enhancement of processes and functions within the SOC.
- Develop and maintain virtual labs with built-in vulnerabilities, logs, and defensive tools (e.g., ELK Stack, Wazuh, Wireshark, Velociraptor).
- Create hands-on exercises and assessments aligned with industry frameworks such as NIST NICE, MITRE ATT&CK, and CIS Controls.
- Develop training material that enhances Blue Team skills, including log analysis, forensics, network monitoring, and security hardening.
- Collaborate with SOC teams, cybersecurity researchers, and instructional designers to ensure engaging and realistic training experiences.
- Stay up to date with emerging threats, security tools, and industry best practices to enhance training content.
Requirements:
- Hands-on experience working in a Security Operations Center (SOC) with a focus on threat detection, response, and mitigation.
- Proven experience in cybersecurity content creation, including cyber labs and threat simulations.
- Strong Blue Team skills, including log analysis, forensic investigation, network monitoring, and system hardening.
- Hands-on experience with security tools, including SIEMs, EDR solutions, IDS/IPS, and forensic utilities.
- Knowledge of adversary TTPs and experience in developing threat simulation exercises.
Qualifications:
- Bachelor's degree in Cybersecurity, Information Technology, or related field, or equivalent work experience.
- 2-4 years of experience in a security operations or similar role.
- Familiarity with virtualization technologies (OpenStack, Docker, VMware).
- Experience in malware reverse engineering, digital forensics, or red teaming techniques.
- Background in cybersecurity education/training roles.