L3 SOC Analyst

L3 SOC Analyst

The L3 SOC Analyst is responsible for advanced threat detection, incident response, and proactivesecurity monitoring in a fast-paced SOC environment. The analyst will work closely with other SOCteam members, security engineers, and stakeholders to ensure the organizations security posture iscontinuously improved. They investigate complex security incidents and provides expert advice formitigating threats and reducing future risks.

Key Responsibilities:

1. Incident Detection and Response:Act as the primary escalation point for L1 and L2 SOC analysts during security incidents. Perform in-depth analysis of security events and incidents using a variety of tools (SIEM,IDS/IPS, EDR, firewalls, etc.). Lead advanced threat hunting activities to identify anomalies and potential threats withinthe network. Execute incident response procedures, including containment, eradication, recovery, andlessons learned.

2. Forensics and Root Cause Analysis:Perform digital forensics and malware analysis to understand the full scope of securityincidents. Investigate security breaches and advanced persistent threats (APT), providing detailed rootcause analysis.

3. Security Tool Management:Fine-tune and optimize security tools such as SIEM, IDS/IPS, and EDR solutions to improvedetection capabilities. Assist with the development and tuning of detection rules, signatures, and alert thresholds.

4. Documentation and Reporting:Create detailed reports of security incidents, including timelines, findings, andrecommendations. Maintain accurate and comprehensive documentation of investigations, threat intelligence,and playbooks for use by the team.

Required Skills and Experience:Experience:7+ years of experience in a SOC environment, with at least 2 years in a senior or L3analyst role.Technical Expertise:Advanced knowledge of cybersecurity principles, incident response, and digital forensics. Hands-on experience with SIEM tools (Google SecOps, Splunk, QRadar, Sentinel etc), IDS/IPS,firewalls, endpoint detection and response (EDR) systems, and malware analysis tools.

Proficiency in scripting languages (Python, PowerShell) for automating SOC tasks (Good tohave). Familiarity with threat intelligence platforms and feeds, as well as IOCs and TTPs (Tactics,Techniques, and Procedures). Strong grasp of operating systems (Windows, Linux, MacOS) and networking protocols andconcepts Problem-solver with excellent communication skills, a deep technical understanding ofsecurity best practices.

Analyze log files from a variety of sources (for example, Individual host logs, network trafficlogs, firewall logs, and intrusion detection system logs) to identify possible threats tonetwork security.

Certifications:Relevant certifications such as CISSP, GCIA, GCIH, OSCP, or CEH. Certifications in administration and threat hunting in Crowdstrike is a plus

Soft Skills:Strong analytical, problem-solving, and communication skills. Ability to work underpressure in high-stakes situations.Preferred Qualifications:Cloud Security:Experience securing cloud environments (AWS, Azure, GCP).Threat Hunting:Proven experience leading threat hunting campaigns.Work Environment:Location:Onsite or remote, depending on organizational policy.Shifts:May involve rotating shifts and on-call availability due to the 24/7 nature of a SOC."