SOC Analyst L3

Job Title:

Job Type:

Job Location:

• WORK FROM NOIDA OFFICE, PLEASE DON'T APPLY IF YOU ARE LOOKING FOR HYBRID OR WORK FROM HOME
• Short notice period or immediate joiners are preferred.

Job Title:

Job Type:

As a Level 3 SOC Analyst, you will lead advanced threat hunting, detection engineering, and incident response planning activities within a 24/7 MSSP environment. You’ll act as a strategic escalation point for complex incidents and bridge threat intelligence, engineering, and client-facing security functions. You will also be responsible for delivering high-impact deliverables, such as Threat Intelligence Digests, Alert Tuning Reports, and Customer-Facing Security Presentations—all aligned to operational SLAs and governance frameworks.

This role requires strong leadership, technical expertise in modern SIEM and EDR platforms (especially Microsoft Sentinel), and experience in executing MSSP service delivery obligations, including IR tabletop exercises, SLA/KPI dashboards, and quarterly threat reviews.

1. Advanced Threat Hunting & Detection Engineering

• Lead targeted threat hunting activities based on hypotheses and threat intelligence using KQL, MITRE ATT&CK, and behavioral analytics.
• Design and develop advanced detection content (Sigma rules, UEBA baselines, custom rules) across SIEM and EDR platforms.
• Identify and close detection gaps through continuous telemetry analysis and logic refinement.
• Coordinate log source visibility reviews, baselining, and high-fidelity use case design.

2. Threat Intelligence & Operational Reporting

• Produce and distribute Weekly Threat Intelligence Digests summarizing current threats, attack trends, and IOCs relevant to customer environments.
• Map observed activities to TTPs and threat actor profiles.
• Maintain threat dashboards and feed integrations to support proactive defense.

3. Alert Tuning & Detection Optimization

• Lead biweekly Alert Tuning efforts to analyze false positives, adjust thresholds, and suppress noisy detections.
• Deliver a formal Biweekly Alert Tuning Report outlining tuning actions, impact assessments, and next steps.
• Collaborate with content authors to implement rule changes and push updates to production environments via controlled change processes.

4. Incident Response Leadership & Crisis Escalation

• Serve as the final escalation point for Priority 1 (P1) or crisis-level incidents, ensuring incident bridge calls, executive reporting, and customer coordination occur within SLA timelines.
• Perform deep-dive investigations into root causes and adversary techniques.
• Own incident post-mortems and RCA (Root Cause Analysis) documentation.
• Ensure compliance with the IR lifecycle from detection to closure, with audit-ready documentation.

5. MSSP Reporting & Executive Briefings

• Prepare and deliver Monthly and Quarterly Security Reports to MSSP clients covering:
• Alert trends, threat landscape updates, SLA/KPI dashboards
• Executive summaries, incident breakdowns, and risk remediation insights
• Present findings to customer stakeholders via scheduled service review meetings and executive briefings.
• Ensure SLA compliance targets are tracked and reported, including MTTD, MTTR, escalation compliance, and false positive rates.

6. IR Tabletop Exercise Management

• Plan, facilitate, and report on Quarterly Incident Response Tabletop Exercises with internal and external stakeholders.
• Develop realistic, role-based tabletop scenarios (ransomware, insider threat, data exfiltration, etc.).
• Deliver Tabletop Exercise Reports with participant feedback, lessons learned, and actionable improvements.

7. SOC Governance & Pre-Onboarding Support

• Contribute to MSSP onboarding by helping define:
• Log source mapping and ingestion validation
• Detection rule baselines, alert taxonomy, and escalation matrix
• Secure communication procedures and SLA/OLA handoff alignment
• Support pre-engagement risk assessments and operational readiness reviews.

1.    Education:

·      Bachelor’s Degree in Cybersecurity, Computer Science, Information Systems, or related field.

·      Master’s Degree is a plus.

2.    Certifications (Preferred):

·      Microsoft Certified: Security Operations Analyst Associate

·      GIAC (GCIA, GCIH, GCFA, GNFA)

·      CompTIA CySA+, CASP+, or equivalent

·      MITRE ATT&CK Defender (MAD) certification is advantageous

3.    Technical Skills:

·      Expert in SIEM technologies (Microsoft Sentinel preferred), KQL, log analysis, and data correlation.

·      Hands-on experience with EDR tools (Defender for Endpoint, CrowdStrike, etc.).

·      Strong knowledge of MITRE ATT&CK, NIST IR lifecycle, and threat modeling.

·      Familiarity with threat intel platforms (MISP, Anomaly, Recorded Future).

·      Understanding of cloud security (Azure, M365, hybrid environments).

4.    Soft Skills:

·      Strong presentation and documentation skills, especially for executive and customer audiences.

·      Proven ability to lead and manage cross-functional engagements (internal & external).

·      Analytical mindset with an investigative approach to threat detection.

·      Ability to work independently in high-pressure and time-sensitive environments.

·      Proven English communication skills supported by professional certifications such as IELTS, TOEIC, or BEC.

·      Ability to write technical and executive-level documentation in English, including reports, presentations, and incident summaries.

·      8-10+ years of experience in cybersecurity operations, with at least 2 years in a Level 2 or Level 3 SOC role.

·      Experience in delivering threat hunts, writing detection content, and handling major security incidents.

·      Prior MSSP experience or customer-facing security role is a significant advantage.