____________________________________________________________________________
- PLEASE SAVE WHATSAPP # +91 98114 11414 (Ashima) / 9315248639 (Nishant)
- Ashima / Nishant / Shreedevi is your POC from RexOreo Pvt Ltd.
- Queries: all emails will come from id team@rexoreo.com, so please keep an eye.
_____________________________________________________________________________

Top Selection & Auto Elimination Criteria:
- Only Delhi NCR candidates need to apply, as we need only immediate joiners (0-30 days)
- Rotational shift
- Cab facility: Yes, only late-night pick-up or drop (one side only, for Gurgaon employees)
- Location: Gurgaon
- Mode: 5 days work from office only
- Relevant experience range: 9+
- Position: L3 SOC Analyst
- Experience: 9-14 years
- Only current L2/L2+ (more than 2 years) or L3 candidates need to apply
- Experience in QRadar is mandatory
- Total open positions: 5
- EMAIL @ team@rexoreo.com: A VOICE NOTE WHY YOU ARE FIT FOR THIS ROLE
___________________________________________________________________________

Position Description:
The SOC Level 3 Analyst is a senior-level cybersecurity professional responsible for leading advanced threat detection, response, and mitigation activities within the Security Operations Center. This role acts as the final escalation point for complex security incidents and plays a crucial role in enhancing security monitoring, incident response procedures, and overall threat defense capabilities. The L3 Analyst collaborates with security engineers, incident response teams, threat intelligence analysts, and IT stakeholders to identify, investigate, and remediate security threats in real time.

Role and responsibilities:

1. Incident Response and Escalation
- Lead and coordinate end-to-end response for critical and high-severity security incidents.
- Perform advanced investigation and forensics on compromised systems, including log correlation, packet analysis, and endpoint review.
- Serve as a primary escalation point for SOC Tier 1 and Tier 2 analysts.
- Conduct root cause analysis and provide detailed incident reports with lessons learned and mitigation steps.

2. Threat Detection and Analysis
- Analyze and triage alerts generated by the SIEM and other security tools.
- Hunt for threats in the environment using threat intelligence and behavioral indicators (proactive threat hunting).
- Analyze and reverse-engineer malware, if required, to understand behavior and determine mitigation steps.
- Correlate threat intelligence feeds with internal data to identify indicators of compromise (IOCs) and advanced persistent threats (APTs).

3. Tooling and Automation
- Optimize and fine-tune detection rules and SIEM use cases to reduce false positives and enhance detection accuracy.
- Build automation scripts and workflows to improve efficiency in incident triage, correlation, and response.
- Collaborate with security engineers to integrate new data sources and tools into the SOC ecosystem.

4. Documentation and Reporting
- Maintain detailed and accurate documentation of incidents, investigations, and actions taken.
- Develop and update SOC standard operating procedures (SOPs) and playbooks.
- Prepare and present technical reports, dashboards, and metrics to senior management and stakeholders.

5. Mentorship and Leadership
- Mentor and guide SOC L1 and L2 analysts on technical skills and investigative processes.
- Provide training on new threats, tools, and techniques.
- Assist in evaluating and improving team workflows, processes, and overall SOC maturity.

6. Collaboration and Stakeholder Engagement
- Work closely with threat intelligence, vulnerability management, and risk teams to stay ahead of emerging threats.
- Communicate with IT, DevOps, and business units to coordinate responses and ensure secure configurations.
- Participate in red/blue team exercises and post-mortem reviews to enhance SOC readiness.

Required Experience / Skills:
- Strong expertise with SIEM platforms (e.g., QRadar, Sentinel, LogRhythm, Splunk).
- Proficient in EDR and XDR tools (e.g., CrowdStrike, SentinelOne, Carbon Black).
- Hands-on knowledge of packet capture analysis tools (e.g., Wireshark, tcpdump), forensic tools, and malware analysis tools.
- Familiarity with scripting or automation languages such as Python, PowerShell, or Bash.
- Deep understanding of networking protocols, OS internals (Windows/Linux), and security best practices.
- Familiar with frameworks such as MITRE ATT&CK, NIST, and the Cyber Kill Chain.
- Minimum of nine (9) years technical experience.
- 7+ years of experience in SOC, security operations, cyber technical analysis, threat hunting, and threat attribution assessment with increasing responsibilities.
- 3+ years of rule development and tuning experience.
- 2+ years of incident response.
- Experience supporting 24x7x365 SOC operations and willingness to operate in shifts, including but not limited to: alert and notification activities (analysis/triage/response); review and action on threat intel for IOCs and other operationally impactful information; initial review and triage of reported alerts and incidents.
- Manage multiple tickets/alerts in parallel, including end-user coordination.
- Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response.
- Solid understanding and experience analyzing security events generated from security tools and devices, including but not limited to QRadar, MS Sentinel, FireEye, Elastic, SourceFire, Malwarebytes, Carbon Black/Bit9, Splunk, Prisma Cloud/Compute, Cisco IronPort, and BlueCoat.
- Experience and solid understanding of malware analysis.
- Demonstrated proficiency with one or more toolsets such as QRadar, MS Sentinel, Bit9/Carbon Black, Endgame, FireEye HX / CM / ETP, Elastic Kibana.
- Experience and ability to use, contribute to, develop, and follow Standard Operating Procedures (SOPs).
- In-depth experience with processing and triage of security alerts from multiple sources, including but not limited to: endpoint security tools, SIEM, email security solutions, CISA, threat intel sources.
- Experience with scripting languages applied to SOC operations; for example, automating investigations with tools, automating IOC reviews, supporting SOAR development.
- Experience with Bash, Python, and Windows PowerShell scripting.
- Demonstrated experience with triage and resolution of SOC tasks, including but not limited to vulnerability announcements, phishing email review, Tier 1 IR support, and SIEM/security tools alert analysis.
- Demonstrated experience and understanding of event timeline analysis and correlation of events between log sources.
- Demonstrated experience with the underlying logs generated by operating systems (Linux/Windows), network security devices, and other enterprise tools.
- Demonstrated proficiency with an enterprise SIEM or security analytics solution, including the Elastic Stack or Splunk.
- Solid understanding and experience analyzing security events generated from security tools and devices, including but not limited to: QRadar, MS Sentinel, Carbon Black, FireEye, Palo Alto, Cylance, and OSSEC.
- Expert in security incident response processes.

Required Certifications:
Two of the following certifications are preferred:
- GIAC-GCIH - GIAC Certified Incident Handler
- GIAC-GCFE - Global Information Assurance Certification Forensic Examiner
- GIAC-GCFA - Global Information Assurance Certification Forensic Analyst
- GIAC-GREM - GIAC Reverse Engineering Malware
- GIAC-GNFA - GIAC Network Forensic Analyst
- GIAC-GCTI - GIAC Cyber Threat Intelligence
- GIAC-GPEN - GIAC Certified Penetration Tester
- GIAC-GWAPT - GIAC Certified Web Application Penetration Tester
- CEPT - Certified Expert Penetration Tester
- CASS - Certified Application Security Specialist
- CWAPT - Certified Penetration Tester
- CREA - Certified Reverse Engineering Analyst

Qualifications:
- Bachelor's degree in Computer Science, Information Technology, or a related field.
- Experience of 5 years, or 3 years relevant experience.
- Strong troubleshooting and problem-solving skills.
- Excellent communication and interpersonal skills.
- Ability to work independently and as part of a team.
- Strong organizational and time management skills.
- Willingness to work after hours and provide on-call support.
_____________________________________________________________________________

Top Selection & Auto Elimination Criteria:
- Only immediate joiners (0-30 days)
- Candidates experienced and expert in ALL skills mentioned in "Must-Have Technical Skills" below in the JD need to apply
- Mode: 4 days work from office, 1 day WFH
- Relevant experience range: 10+ years
- Position: L3/L4 SOC Architect / Sr. SIEM Engineer
- Experience: 10-16 years
- Cab facility: No
- EMAIL @ team@rexoreo.com: A VOICE NOTE WHY YOU ARE FIT FOR THIS ROLE
__________________________________________________

Role Overview
Seeking a highly skilled SOC Level 3/4 Analyst with deep, hands-on expertise across SIEM, SOAR, detection engineering, incident response, forensics, and threat hunting. The role involves complex investigation, detection engineering, and mentoring of lower-tier analysts in an enterprise or MSSP environment.

Must-Have Technical Skills:

SIEM / SOAR Expertise
• SIEM Engineer
• Microsoft Sentinel
• FortiSIEM
• IBM QRadar
• Splunk Enterprise Security
• Elastic SIEM
• ArcSight
• Cortex XSOAR
• SOAR automation
• Playbook development
• Parser development
• Correlation rule engineering
• Log onboarding
• Use case development
• Log source integration
• Custom connector development

Advanced Investigation & Offence Analysis
• Threat investigation and triage
• Offence deep analysis
• Incident root cause analysis
• Threat hunting
• Behavioral analytics (UBA / EUBA)
• MITRE ATT&CK mapping
• Kill Chain analysis
• Diamond Model investigation
• TTP-based detection
• Correlation and enrichment analysis
• Threat intelligence enrichment
• Forensic analysis
• Memory and disk analysis
• Network packet analysis (PCAP)
• Lateral movement detection

Incident Response / Detection Engineering
• Incident response
• Detection engineering
• Alert tuning
• Response playbook automation
• Runbook development
• EDR / XDR integration (CrowdStrike Falcon, SentinelOne, Defender for Endpoint)
• IOC extraction
• Threat containment automation
• DFIR

Analytical / Technical Foundation
• Advanced threat analysis
• Log correlation and pattern recognition
• Anomaly detection
• Python for SOC automation
• KQL / SPL queries
• PowerShell scripting
• Data enrichment and contextual analysis
• API-based integration
• Cloud-native investigation (Azure / AWS)

Cloud / Hybrid Security Knowledge
• Azure Security Center
• Microsoft Defender XDR
• AWS GuardDuty
• Google Chronicle
• Cloud log ingestion
• Hybrid log normalization
• Azure Sentinel workbooks and rules

Good-to-Have / Preferred Technical Skills and Keywords:

Architecture & Engineering
• SOC architecture design
• SIEM / SOAR architecture
• Multi-tenant SOC engineering
• MSSP environment management
• High EPS architecture design
• Detection lifecycle management

Automation & AI Integration
• AI-driven threat detection
• Machine-learning detection models
• Automated playbooks
• Python-based enrichment automation
• Integration with threat intel APIs
• Ansible / Power Automate for SOC

Threat Intelligence Integration
• Threat intelligence feed ingestion
• MISP / ThreatConnect / Anomali
• STIX / TAXII feeds
• IOC management
• Adversary emulation

Governance / Reporting / Communication
• SOC KPI and metrics reporting
• Threat posture reporting
• Incident summary preparation
• Compliance reporting (ISO 27001, SOC2, PCI DSS)

Other Required Skills:

Behavioral & Analytical Skills
• Analytical thinking
• Hypothesis-driven threat hunting
• Pattern recognition
• Problem solving
• Critical thinking
• Proactive detection and validation

Communication, Leadership & Delivery
• Client-facing technical workshops
• SOC implementation training
• Runbook and SOP creation
• Cross-team coordination (Network, Cloud, ITSM)
• Mentoring SOC L1 / L2 teams
• Stakeholder communication for SOC deployment

Why Join Us
• Cutting-edge SOC technology exposure
• Opportunities for advanced detection engineering and automation projects
• Collaboration with elite cyber defense teams and global clients
_____________________________________________________________________________

Top Selection & Auto Elimination Criteria:
- Only immediate joiners (0-30 days)
- Candidates experienced and expert in ALL skills mentioned in "Must-Have Technical Skills" below in the JD need to apply
- Mode: 4 days work from office, 1 day WFH
- Relevant experience range: 10+ years
- Position: L3/L4 SOC Architect / Sr. SIEM Engineer
- Experience: 10-16 years
- Cab facility: No
- EMAIL @ team@rexoreo.com: A VOICE NOTE WHY YOU ARE FIT FOR THIS ROLE
___________________________________________________________________________

Job Title: SOC Level 3/4 Architect, Engineering & End-to-End Deployment Specialist

About the Role
We are looking for an experienced SOC Level 3/4 Architect and Engineering Specialist to design, build, and deploy next-generation Security Operations Centers (SOC) across enterprise or MSSP environments. This role demands deep expertise in SIEM/SOAR architecture, end-to-end deployment, behavioral analytics, automation, and large-scale optimization. You will be responsible for engineering robust SOC ecosystems, integrating multiple security technologies, and ensuring seamless orchestration across platforms, clouds, and environments.

Key Responsibilities
- Design, engineer, and deploy scalable SOC architectures (single-tenant and multi-tenant).
- Lead end-to-end SOC implementation from SIEM/SOAR setup, onboarding, parser development, and correlation rule creation to performance tuning and operational handover.
- Architect and execute SOC automation and orchestration frameworks.
- Manage high-EPS environments, platform migrations, and modernization initiatives.
- Develop detection use cases, correlation logic, dashboards, and executive reports.
- Integrate UEBA/EUBA and behavioral analytics for advanced threat detection.
- Implement and maintain SOC health monitoring, diagnostics, and performance tuning.
- Drive cross-team collaboration (Cloud, Network, Threat Intel, ITSM) to ensure full-stack visibility.
- Provide technical mentorship to SOC Level 1/2 teams and support delivery excellence.
- Document architectures, blueprints, SOPs, and operational workflows for ongoing governance.

Must-Have Technical Skills:

SOC Architect / SOC Engineering Lead / SIEM Architect / SOAR Architect / SOC Platform Engineer
- End-to-end SIEM deployment, SOC implementation specialist
- SOC automation and orchestration
- Multi-tenant SOC architecture and MSSP SOC design
- High EPS optimization, SOC migration, and modernization
- SIEM architecture blueprint and SOC health monitoring framework

SIEM Implementation, Onboarding & Parsing
- Microsoft Sentinel deployment, FortiSIEM implementation, IBM QRadar engineering, Splunk Enterprise Security deployment, Elastic SIEM
- SIEM onboarding and parser creation
- Log source integration and mapping, custom parser development
- Field extraction and normalization, custom connector / API ingestion
- Correlation rule creation and tuning, alert noise reduction
- SIEM content optimization, event pipeline monitoring and troubleshooting

SOAR Orchestration & Automation
- SOAR Engineer / Architect
- Cortex XSOAR, FortiSOAR, Microsoft Sentinel Automation
- Playbook design and customization, runbook automation
- Incident response workflow automation
- Custom connector development, integration with ITSM tools (ServiceNow, Jira)
- Threat enrichment automation, SOAR troubleshooting and optimization
- Python scripting for SOAR

EUBA / Behavioral Analytics
- User and Entity Behavior Analytics (UEBA/EUBA) configuration and tuning
- Behavior analytics modeling and insider threat detection
- Behavioral anomaly detection and adaptive thresholding
- Risk scoring models and entity context correlation
- MITRE ATT&CK mapping for behavioral analysis

Content Management (Use Cases, Rules, Detections)
- Detection engineering and use case development
- Detection rule lifecycle management and rationalization
- MITRE ATT&CK-based content design
- TTP and IOC-based correlation
- Detection optimization and enrichment using threat intel
- SOC use case library management

Dashboards, Reporting & Visualization
- SOC dashboard creation
- Microsoft Sentinel workbooks, Splunk dashboards and reports
- SOC KPI and SLA reporting
- Threat visibility dashboards, executive and operational reports
- KQL and SPL query optimization
- Compliance dashboards

Troubleshooting, Optimization & Platform Health
- SIEM troubleshooting and diagnostics
- Parser and connector troubleshooting
- Playbook debugging and optimization
- Platform performance tuning and alert latency troubleshooting
- EPS load balancing and data quality validation
- Pipeline health monitoring
- SOAR / SIEM connector health management

Technical Language, Tools & Querying
- Python and PowerShell scripting
- KQL (Kusto Query Language), SPL (Splunk Processing Language), Regex for parsing
- API integration and JSON handling
- Linux and Windows log analysis
- Azure, AWS, and GCP security monitoring
- Containerized SOC setup (Docker, Kubernetes)
- DevOps for SOC (Terraform, CI/CD)

Good-to-Have / Preferred Technical Skills:

SOC Architecture & Design Consulting
- SOC design documentation
- End-to-end SOC blueprint creation
- SOC consulting and optimization
- SOC maturity roadmap design
- SOC process automation and orchestration
- SOC onboarding framework
- SOC service scalability planning

Cloud, DevOps & Automation
- Azure Logic Apps integration
- Terraform for SOC deployment
- Ansible automation in SOC
- CI/CD pipeline for playbooks
- Infrastructure as Code (IaC) for SOC setup
- Cloud-native SOC deployment (Azure, AWS, GCP)

Threat Intelligence & Detection Integration
- Threat intel feed integration
- STIX/TAXII feed ingestion
- IOC enrichment and correlation
- ThreatConnect / MISP / Anomali
- Adversary emulation and simulation
- Threat hunting automation with SOAR

Detection Engineering & Analytics
- Threat hunting hypothesis development
- Data science-driven detections
- Behavioral model validation
- Detection efficiency metrics (MTTD, MTTR)
- Anomaly-based detection tuning

Other Required Skills:

Security Frameworks & Governance
- MITRE ATT&CK, NIST, Cyber Kill Chain
- SOC2, ISO 27001, PCI DSS compliance
- Regulatory and audit reporting
- SOC KPI / KRI dashboards
- Operational process documentation

Communication, Leadership & Delivery
- Client-facing technical workshops
- SOC implementation training
- Runbook and SOP creation
- Cross-team coordination (Network, Cloud, ITSM)
- Mentoring SOC L1/L2 teams
- Stakeholder communication for SOC deployment

Experience & Qualifications
- Experience: 8-15 years in SOC architecture, engineering, or platform deployment.
- Expertise: Hands-on leadership in at least two SIEM/SOAR platforms (Sentinel, Splunk, QRadar, FortiSIEM/FortiSOAR, etc.).
- Technical Strength: Proven experience in automation (Python, PowerShell), parser creation, rule tuning, and cross-platform integration.
- Projects: Demonstrated success in SOC modernization, migration, and large-scale deployment.
- Education: Bachelor's or Master's in Computer Science, Information Security, or a related discipline.
- Certifications (Preferred): Microsoft Sentinel Expert, Splunk Architect, Fortinet NSE, CISSP, GCIA, GCTI, or equivalent.