IN_Senior Associate_SOC_Strategy & Governance_Advisory_Bengaluru

3 - 8 years

14 - 19 Lacs

Posted: 1 month ago | Platform: Naukri


Work Mode

Work from Office

Job Type

Full Time

Job Description

As companies increasingly adopt digital business models, the volume of data generated and shared among organizations, partners, and customers multiplies. We help protect our clients by developing security-focused transformation strategies, integrating and managing new and existing technology systems, and getting more value from their cybersecurity investments. As an L3 Analyst/SOC Manager, you will oversee day-to-day operations, drive continuous improvement, and manage client and vendor interactions. The role involves handling complex incidents escalated by L2 analysts, operating the security incident process, and mentoring junior team members to build a cohesive, motivated unit.
Responsibilities
  • Review cybersecurity events analyzed by L2 security analysts, serving as the escalation point for detection, response, and remediation activities.
  • Monitor and guide the team in triaging and prioritizing cybersecurity events, and recommend or perform response measures.
  • Provide technical support to IT teams during response and remediation of escalated cybersecurity events and incidents; follow up on incident tickets until closure.
  • Guide L1 and L2 analysts in event analysis and response activities.
  • Expedite incident response and remediation when delays occur, coordinating with L1 and L2 team members.
  • Review and suggest improvements to information security policies and best practices in client environments.
  • Ensure compliance with SLAs and contractual requirements, maintaining effective communication with stakeholders.
  • Review and share daily, weekly, and monthly dashboard reports with relevant stakeholders.
  • Update and review documents, playbooks, and standard operating procedures.
  • Validate and update documentation of client systems and IT infrastructure.
  • Share knowledge of current security threats, attack patterns, and tools with team members.
  • Create and review new use cases based on evolving attack trends.
  • Analyze and interpret log events from Windows and Linux hosts, firewalls, web proxies, DNS, IDS, and HIPS.
  • Develop and maintain threat detection rules, parsers, and use cases.
  • Understand security analytics and data flows across SaaS applications and cloud computing platforms.
  • Validate use cases through selective testing and review of the detection logic.
  • Maintain continuous improvement processes and build and develop the team over time.
  • Develop thought leadership within the SOC.
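As an added illustration of the detection-engineering duties listed above (writing a log parser, building a detection use case, and validating its logic by selective testing), the following Python is example code written for this page; it is not material from the posting or from PwC. The sshd log lines, hosts, source addresses, timestamps, the year used when parsing syslog timestamps, and the "5 failures within 5 minutes, then a success" threshold are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real client data): a password brute-force burst from
# one source that ends in a successful login, plus unrelated activity from another
# source that must NOT trigger the use case.
SAMPLE_LOG = """\
Mar  3 10:00:01 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2
Mar  3 10:00:03 web01 sshd[2102]: Failed password for root from 203.0.113.7 port 51002 ssh2
Mar  3 10:00:05 web01 sshd[2103]: Failed password for root from 203.0.113.7 port 51003 ssh2
Mar  3 10:00:07 web01 sshd[2104]: Failed password for root from 203.0.113.7 port 51004 ssh2
Mar  3 10:00:08 web01 sshd[2105]: Failed password for root from 203.0.113.7 port 51005 ssh2
Mar  3 10:00:12 web01 sshd[2106]: Accepted password for root from 203.0.113.7 port 51006 ssh2
Mar  3 10:01:00 web01 sshd[2107]: Accepted publickey for deploy from 198.51.100.9 port 40000 ssh2
Mar  3 10:02:00 web01 sshd[2108]: Failed password for root from 198.51.100.9 port 40001 ssh2
"""

# Parser: a single regex that normalises the sshd auth messages the use case needs.
# Lines that do not match are dropped rather than guessed at, so the parser never
# feeds the rule a half-populated event.
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def parse_sshd(line, year=2024):
    """Return a dict event for an sshd auth line, or None if the line is unknown.
    Syslog timestamps carry no year, so one is supplied (assumption for the example)."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    # Collapse the double space in "Mar  3" before handing it to strptime.
    ts = " ".join(ev["ts"].split())
    ev["ts"] = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
    return ev

def parse_events(raw_log):
    """Parse every line of a raw log blob, keeping only recognised events."""
    return [e for e in (parse_sshd(l) for l in raw_log.splitlines()) if e]

def detect_bruteforce_then_success(events, threshold=5, window=timedelta(minutes=5)):
    """Use case: at least `threshold` failed logins from one source address within
    `window`, followed by an accepted login from that same source. The success is
    the trigger, so a burst of failures alone (noise) does not alert."""
    failures = defaultdict(list)   # src -> timestamps of failed attempts
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        if ev["outcome"] == "Failed":
            failures[src].append(ev["ts"])
            continue
        # Accepted login: count only the failures that fall inside the window.
        recent = [t for t in failures[src] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({
                "rule": "ssh_bruteforce_then_success",
                "src": src,
                "user": ev["user"],
                "host": ev["host"],
                "failures": len(recent),
                "ts": ev["ts"],
            })
    return alerts

def run_use_case(raw_log, **rule_args):
    """Parse a raw log and run the use case over it; returns the list of alerts."""
    return detect_bruteforce_then_success(parse_events(raw_log), **rule_args)

if __name__ == "__main__":
    for alert in run_use_case(SAMPLE_LOG):
        print(alert)
```

The selective testing the posting asks for is the part that usually gets skipped: besides confirming the positive case fires, check a negative case (raise the threshold by one and confirm it stays silent) and a malformed line (the parser must return None, not a partial event). Those three checks are what the accompanying assertions exercise, and they are what a reviewer should expect attached to any new rule before it reaches a client's SIEM.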
Mandatory skill sets
  • Bachelor's degree (minimum requirement).
  • 3 years of experience in SOC operations.
  • Experience analyzing malicious traffic and building detections.
  • Experience in application security, network security, and systems security.
  • Knowledge of security testing tools (e.g., Burp Suite, Mimikatz, Cobalt Strike, PowerSploit, Metasploit, Nessus, HP WebInspect).
  • Proficiency in common programming and scripting languages (Python, PowerShell, Ruby, Perl, Bash, JavaScript, VBScript).
  • Familiarity with cybersecurity frameworks and standards (OWASP, NIST CSF, PCI DSS, NYDFS).
  • Experience with traditional security operations, event monitoring, and SIEM tools.
  • Knowledge of MITRE ATT&CK or similar frameworks that catalogue adversary tactics, techniques, and procedures.
  • Ability to develop and maintain threat detection rules and use cases.
Preferred skill sets
  • Strong communication skills, both written and oral
  • Experience with SMB and large enterprise clients
  • Good understanding of ITIL processes (Change Management, Incident Management, Problem Management)
  • Strong expertise in multiple SIEM tools and other SOC environment devices
  • Knowledge of firewalls, IDS/IPS, AV, EDR, proxy, DNS, email, AD, etc.
  • Understanding of raw log formats of various security devices
  • Foundational knowledge of networking concepts (TCP/IP, LAN/WAN, Internet network topologies)
  • Relevant certifications (CEH, CISA, CISM, etc.)
  • Strong work ethic and time management skills
  • Coachability and dedication to consistent improvement
  • Ability to mentor and encourage junior teammates
  • Knowledge of regex and parser creation
  • Ability to deploy SIEM solutions in customer environments
Years of experience required
3 years
Education qualification
B.Tech
Education
Degrees/Field of Study required: Bachelor of Engineering, Bachelor of Technology, MBA (Master of Business Administration)
Degrees/Field of Study preferred
Required Skills
SoCs
Accepting Feedback, Active Listening, Analytical Thinking, Cloud Security, Communication, Conducting Research, Creativity, Cyber Defense, Cyber Threat Intelligence, Embracing Change, Emotional Regulation, Empathy, Encryption, Inclusion, Information Security, Intellectual Curiosity, Intelligence Analysis, Intelligence Report, Intrusion Detection, Intrusion Detection System (IDS), IT Operations, Learning Agility, Malware Analysis, Malware Detection Tools {+ 16 more}

PwC Service Delivery Center

IT Services and IT Consulting

New York NY
