Security L3 Administrator / Engineer (SOC, IAM, PAM)

Security L3 Administrator / Engineer (SOC, IAM, PAM) Role Overview The Security L3 Administrator is responsible for advanced management, troubleshooting, and optimization of enterprise security infrastructure.

This includes Security Operations Center (SOC) monitoring, Identity Access Management (IAM), and Privileged Access Management (PAM) solutions

The role requires deep expertise in security technologies, strong analytical skills, and the ability to resolve complex issues independently while ensuring compliance and resilience against cyber threats

Key Responsibilities - Provide L3 support for escalated security incidents across SOC, IAM, and PAM platforms

- Manage and optimize SIEM tools (Splunk, QRadar, ArcSight, Sentinel) for threat detection and response

- Lead incident response, forensic analysis, and root cause investigations for critical security events

- Administer and enhance IAM solutions (Azure AD, Okta, SailPoint, Ping Identity)

- Manage PAM platforms (CyberArk, BeyondTrust, Thycotic) to secure privileged accounts and sessions

- Implement security policies, access controls, and compliance frameworks (ISO 27001, NIST, GDPR)

- Perform patching, upgrades, and configuration management across security systems

- Automate security workflows using PowerShell, Python, or Ansible

- Collaborate with infrastructure, application, and network teams to ensure secure operations

- Maintain documentation for incident handling, configurations, and security procedures

Required Skills Experience - 712 years of experience in enterprise security administration with strong L3 expertise

- Handson experience with SOC operations, IAM platforms, and PAM solutions

- Strong knowledge of SIEM tools, log analysis, and threat detection methodologies

- Expertise in identity lifecycle management, single signon (SSO), and multifactor authentication (MFA)

- Experience with privileged account security, session monitoring, and vault management

- Familiarity with cloud security (AWS, Azure, GCP) and hybrid environments

- Proficiency in scripting and automation for security operations

- Solid understanding of network security, firewalls, IDS/IPS, and compliance standards

- Ability to lead critical incident resolution and mentor junior analysts

Preferred Qualifications - Certifications: CISSP, CISM, CEH, CCSP, GIAC (SOC focus), CIMP/IAM certifications, CyberArk Certified Trustee

- Experience with SOAR platforms (Splunk Phantom, Palo Alto Cortex XSOAR)

- Exposure to Zero Trust frameworks and cloud IAM/PAM integrations

- Knowledge of ITIL processes for incident, problem, and change management