Experience: 5 - 10 years

Salary: 10 - 18 Lacs

Posted: 9 months ago | Platform: Naukri

Work Mode: Work from Office

Job Type: Full Time

Job Description

Job Responsibilities:

  • Monitor, analyze, and interpret security/system logs for events, operational irregularities, and potential incidents, and escalate issues to the appropriate teams when necessary.
  • Oversee the detection and analysis of security events through various input tools and systems (SIEM, IDS/IPS, firewalls, EDR, etc.).
  • Conduct Red Team exercises to test and evaluate the effectiveness of preventive and monitoring controls in a simulated real-world attack environment, providing actionable feedback to improve defense strategies.
  • Provide expert-level support for complex system/network exploitation and defense techniques, including deterring, identifying, investigating, and responding to system and network intrusions.
  • Support in-depth malware analysis, focusing on both host- and network-based threats, conducting log analysis, and performing triage in support of incident response activities.
  • Maintain and enhance security technologies deployed across the organization, including customizing and fine-tuning SIEM use cases, parsing rules, and security tool configurations based on evolving threat intelligence.
  • Monitor and assess the threat and vulnerability landscape, staying informed on new security advisories, zero-day vulnerabilities, and emerging threats, and taking appropriate action to mitigate risks.
  • Continuously monitor and triage security alerts, managing the escalation queue to ensure swift and efficient incident resolution.
  • Monitor and fine-tune SIEM systems, improving content, parsing, and overall system maintenance to ensure accurate event correlation and detection of complex threats.
  • Oversee security-related events in cloud infrastructure, including IaaS, PaaS, and SaaS environments, responding to and mitigating security incidents in the cloud.
  • Deliver scheduled and ad-hoc reports on security posture, incident response outcomes, and security metrics, highlighting key findings, trends, and areas for improvement.
  • Provide mentorship and guidance to L1 and L2 analysts, helping them grow their skills and knowledge of advanced threat detection, incident response, and security technologies.
  • Develop and update Standard Operating Procedures (SOPs), incident response playbooks, and training documentation to ensure consistent, effective incident handling across all SOC tiers.
  • Work through the full ticket lifecycle, from initial alert detection to final resolution, ensuring thorough documentation, follow-ups, and corrective actions as necessary.
  • Generate end-of-shift reports, ensuring seamless knowledge transfer to subsequent shifts and maintaining continuity in incident management.
  • Perform threat-intelligence research to stay up to date with emerging attack patterns, vulnerabilities, and threat actor tactics, techniques, and procedures (TTPs).
  • Actively participate in security forums, contributing to the exchange of knowledge and best practices with the wider cybersecurity community.

Job Specifications:

Qualifications:

  • Bachelor's degree in Engineering, Computer Science, Cybersecurity, or closely related coursework in technology disciplines.
  • Certifications such as CISSP, CEH, CISM, GCIH, GCIA, or other industry-recognized certifications are highly desirable.
  • Extensive experience with the following tools and technologies:
    • SIEM Tools: Splunk, IBM QRadar, Securonix, etc.
    • Case Management Tools: Swimlane, Phantom, ServiceNow, etc.
    • EDR Solutions: CrowdStrike, SentinelOne, VMware Carbon Black, McAfee, Microsoft Defender ATP, etc.
    • Network Analysis Tools: Darktrace, FireEye, NetWitness, Panorama, etc.
    • Cloud Security: AWS, Azure, Google Cloud Platform (GCP), and associated security monitoring tools.

Experience:

  • 4+ years of SOC experience in progressively responsible roles with expertise in security monitoring, incident response, and threat detection/mitigation.
  • Hands-on experience in conducting threat-hunting activities and vulnerability assessments.
  • Proven ability to handle complex security incidents and effectively collaborate with cross-functional teams to mitigate cyber risks.

Desired Skills:

  • In-depth knowledge of SOC L1 and L2 responsibilities, with the ability to take the lead in complex incident investigations and escalate issues as needed.
  • Advanced understanding of TCP/IP protocols and event log analysis, and the ability to interpret logs from various devices and systems.
  • Strong understanding of Windows, Linux, networking concepts, and the interaction between different operating systems and networks.
  • Experience analyzing network traffic and utilizing tools like Wireshark, tcpdump, and other packet capture and analysis utilities.
  • Advanced understanding of security solutions like SIEMs, web proxies, EDR, firewalls, VPNs, multi-factor authentication (MFA), encryption, IPS/IDS, etc.
  • Functional knowledge of cloud environments and the specific security risks associated with IaaS, PaaS, and SaaS offerings.
  • Ability to research IT security issues and products, staying up to date with new attack vectors, cybersecurity tools, and evolving threats.
  • Solid experience working in a turnaround-time (TAT) based security incident resolution environment, with knowledge of ITIL and incident response best practices.
  • Experience with scripting (e.g., Python, Perl, PowerShell) for automation, tool customization, and analysis is highly preferred.
  • Malware analysis and reverse engineering skills are an added advantage.

Personal Attributes:

  • Highly self-motivated and proactive, with the ability to independently manage multiple tasks while maintaining attention to detail.
  • Strong communication skills, both written and verbal, with the ability to effectively document findings, present reports, and communicate complex technical details to non-technical stakeholders.
  • Ability to effectively prioritize tasks in a high-pressure, time-sensitive environment, with a focus on rapid, efficient incident resolution.
  • Strong problem-solving skills, and a natural inclination to investigate and understand the root cause of security incidents.
  • Team player, with the ability to work collaboratively with peers, other IT teams, and external partners, ensuring cohesive incident management and response.
  • Passion for cybersecurity, with a keen interest in staying at the forefront of emerging security trends and technologies.