4309 Soc Jobs - Page 8

Level: L3 The SOC L3 Analyst cum Shift Incident Manager plays a dual role: as a senior technical expert, handling complex security incidents and as the shift lead responsible for managing SOC operations during their assigned shift. This role is critical in ensuring 24x7 incident response, operational continuity, and escalation governance. Investigate and resolve escalated security incidents from L1 and L2 analysts. Perform deep-dive forensic analysis, triage, and root cause analysis (RCA) for critical and high-severity incidents Monitor the health and performance of SIEM infrastructure and security sensors. Tune and manage SIEM rules, correlation logic, and detection use cases. Coordinate wi...

Level: L1+L2 A level one (L1) Security Operation Center (SOC) analyst performs several activities in addition to the monitoring activity: Monitor security alerts Participate in use case and rule workshops Participate in rule tuning sessions Participate in response procedure workshops Participate in lessons learned workshops Participate in education sessions as needed Shift meetings (typically start and end of shift) Record key metrics (auto or manual) to document: Response time - Handle time - Cycle time - Quality - Error rates - Feedback Review threat intelligence briefs Maintain and manage skills development plans Shift turnover / handover during SI A level two (L2) Security Operation Cent...

Level: L1+L2 A level one (L1) Security Operation Center (SOC) analyst performs several activities in addition to the monitoring activity: Monitor security alerts Participate in use case and rule workshops Participate in rule tuning sessions Participate in response procedure workshops Participate in lessons learned workshops Participate in education sessions as needed Shift meetings (typically start and end of shift) Record key metrics (auto or manual) to document: Response time - Handle time - Cycle time - Quality - Error rates - Feedback Review threat intelligence briefs Maintain and manage skills development plans Shift turnover / handover during SI A level two (L2) Security Operation Cent...

Level: L1+L2 A level one (L1) Security Operation Center (SOC) analyst performs several activities in addition to the monitoring activity: Monitor security alerts Participate in use case and rule workshops Participate in rule tuning sessions Participate in response procedure workshops Participate in lessons learned workshops Participate in education sessions as needed Shift meetings (typically start and end of shift) Record key metrics (auto or manual) to document: Response time - Handle time - Cycle time - Quality - Error rates - Feedback Review threat intelligence briefs Maintain and manage skills development plans Shift turnover / handover during SI A level two (L2) Security Operation Cent...

Level: L1+L2 A level one (L1) Security Operation Center (SOC) analyst performs several activities in addition to the monitoring activity: Monitor security alerts Participate in use case and rule workshops Participate in rule tuning sessions Participate in response procedure workshops Participate in lessons learned workshops Participate in education sessions as needed Shift meetings (typically start and end of shift) Record key metrics (auto or manual) to document: Response time - Handle time - Cycle time - Quality - Error rates - Feedback Review threat intelligence briefs Maintain and manage skills development plans Shift turnover / handover during SI A level two (L2) Security Operation Cent...

Level: L1+L2 A level one (L1) Security Operation Center (SOC) analyst performs several activities in addition to the monitoring activity: Monitor security alerts Participate in use case and rule workshops Participate in rule tuning sessions Participate in response procedure workshops Participate in lessons learned workshops Participate in education sessions as needed Shift meetings (typically start and end of shift) Record key metrics (auto or manual) to document: Response time - Handle time - Cycle time - Quality - Error rates - Feedback Review threat intelligence briefs Maintain and manage skills development plans Shift turnover / handover during SI A level two (L2) Security Operation Cent...

Level - L3 The SOC Manager is the operational and strategic leader of the Security Operations Center. This role is responsible for managing people, processes, and technologies to ensure the SOC delivers effective threat detection, incident response, and continuous improvement. The SOC Manager reports to Head of CDC and acts as the bridge between technical teams and business stakeholders Lead and mentor SOC staff across L1, L2, and L3 tiers Oversee hiring, onboarding, training, certification and performance evaluations Coordinate 24x7 shift coverage and ensure readiness for high-severity incidents Manage day-to-day SOC operations, including alert triage, incident escalation, and response coor...

Level - L3 The SOC Manager is the operational and strategic leader of the Security Operations Center. This role is responsible for managing people, processes, and technologies to ensure the SOC delivers effective threat detection, incident response, and continuous improvement. The SOC Manager reports to Head of CDC and acts as the bridge between technical teams and business stakeholders Lead and mentor SOC staff across L1, L2, and L3 tiers Oversee hiring, onboarding, training, certification and performance evaluations Coordinate 24x7 shift coverage and ensure readiness for high-severity incidents Manage day-to-day SOC operations, including alert triage, incident escalation, and response coor...

Level - L3 The SOC Manager is the operational and strategic leader of the Security Operations Center. This role is responsible for managing people, processes, and technologies to ensure the SOC delivers effective threat detection, incident response, and continuous improvement. The SOC Manager reports to Head of CDC and acts as the bridge between technical teams and business stakeholders Lead and mentor SOC staff across L1, L2, and L3 tiers Oversee hiring, onboarding, training, certification and performance evaluations Coordinate 24x7 shift coverage and ensure readiness for high-severity incidents Manage day-to-day SOC operations, including alert triage, incident escalation, and response coor...

Level - L3 The SOC Manager is the operational and strategic leader of the Security Operations Center. This role is responsible for managing people, processes, and technologies to ensure the SOC delivers effective threat detection, incident response, and continuous improvement. The SOC Manager reports to Head of CDC and acts as the bridge between technical teams and business stakeholders Lead and mentor SOC staff across L1, L2, and L3 tiers Oversee hiring, onboarding, training, certification and performance evaluations Coordinate 24x7 shift coverage and ensure readiness for high-severity incidents Manage day-to-day SOC operations, including alert triage, incident escalation, and response coor...

Level - L3 The SOC Manager is the operational and strategic leader of the Security Operations Center. This role is responsible for managing people, processes, and technologies to ensure the SOC delivers effective threat detection, incident response, and continuous improvement. The SOC Manager reports to Head of CDC and acts as the bridge between technical teams and business stakeholders Lead and mentor SOC staff across L1, L2, and L3 tiers Oversee hiring, onboarding, training, certification and performance evaluations Coordinate 24x7 shift coverage and ensure readiness for high-severity incidents Manage day-to-day SOC operations, including alert triage, incident escalation, and response coor...

Level : L3 The AI and Automation Lead is responsible for embedding intelligence, efficiency, and scalability into Security Operations Centers (SOCs) by leveraging AI, GenAI, and automation platforms like Microsoft Sentinel, Azure Logic Apps, and Kyndryl Bridge. This role is pivotal in driving transformation, SLA adherence, and operational excellence across global security operations 1. Design and implement AI models for threat detection, behavioural analytics, and anomaly detection using Microsoft Native Tools and Kyndryl Bridge. 2. Integrate GenAI into SOC workflows for predictive threat modelling, incident summarization, and automated RCA generation 3. Lead the development of agentic AI sy...

Level : L3 The AI and Automation Lead is responsible for embedding intelligence, efficiency, and scalability into Security Operations Centers (SOCs) by leveraging AI, GenAI, and automation platforms like Microsoft Sentinel, Azure Logic Apps, and Kyndryl Bridge. This role is pivotal in driving transformation, SLA adherence, and operational excellence across global security operations 1. Design and implement AI models for threat detection, behavioural analytics, and anomaly detection using Microsoft Native Tools and Kyndryl Bridge. 2. Integrate GenAI into SOC workflows for predictive threat modelling, incident summarization, and automated RCA generation 3. Lead the development of agentic AI sy...

Level : L3 The AI and Automation Lead is responsible for embedding intelligence, efficiency, and scalability into Security Operations Centers (SOCs) by leveraging AI, GenAI, and automation platforms like Microsoft Sentinel, Azure Logic Apps, and Kyndryl Bridge. This role is pivotal in driving transformation, SLA adherence, and operational excellence across global security operations 1. Design and implement AI models for threat detection, behavioural analytics, and anomaly detection using Microsoft Native Tools and Kyndryl Bridge. 2. Integrate GenAI into SOC workflows for predictive threat modelling, incident summarization, and automated RCA generation 3. Lead the development of agentic AI sy...

Level : L3 The AI and Automation Lead is responsible for embedding intelligence, efficiency, and scalability into Security Operations Centers (SOCs) by leveraging AI, GenAI, and automation platforms like Microsoft Sentinel, Azure Logic Apps, and Kyndryl Bridge. This role is pivotal in driving transformation, SLA adherence, and operational excellence across global security operations 1. Design and implement AI models for threat detection, behavioural analytics, and anomaly detection using Microsoft Native Tools and Kyndryl Bridge. 2. Integrate GenAI into SOC workflows for predictive threat modelling, incident summarization, and automated RCA generation 3. Lead the development of agentic AI sy...

Level : L3 The AI and Automation Lead is responsible for embedding intelligence, efficiency, and scalability into Security Operations Centers (SOCs) by leveraging AI, GenAI, and automation platforms like Microsoft Sentinel, Azure Logic Apps, and Kyndryl Bridge. This role is pivotal in driving transformation, SLA adherence, and operational excellence across global security operations 1. Design and implement AI models for threat detection, behavioural analytics, and anomaly detection using Microsoft Native Tools and Kyndryl Bridge. 2. Integrate GenAI into SOC workflows for predictive threat modelling, incident summarization, and automated RCA generation 3. Lead the development of agentic AI sy...

Level : L3 The Cloud Security and DLP SME is responsible for managing and optimizing DLP policies across endpoints, cloud services, Web, Network and collaboration platforms: Review and fine-tune existing DLP policies to reduce false positives and improve detection accuracy. Collaborate with Customer business stakeholder and cross functional tower leads to identify new policy requirements and prioritize them in the DLP backlog Implement policy changes through structured change management processes Monitor and triage high and critical severity DLP alerts on a daily basis (typically 8x5 coverage) Investigate incidents, validate true positives, and escalate as needed to SOC or compliance teams. ...

Level : L3 The Cloud Security and DLP SME is responsible for managing and optimizing DLP policies across endpoints, cloud services, Web, Network and collaboration platforms: Review and fine-tune existing DLP policies to reduce false positives and improve detection accuracy. Collaborate with Customer business stakeholder and cross functional tower leads to identify new policy requirements and prioritize them in the DLP backlog Implement policy changes through structured change management processes Monitor and triage high and critical severity DLP alerts on a daily basis (typically 8x5 coverage) Investigate incidents, validate true positives, and escalate as needed to SOC or compliance teams. ...

Level : L3 The Cloud Security and DLP SME is responsible for managing and optimizing DLP policies across endpoints, cloud services, Web, Network and collaboration platforms: Review and fine-tune existing DLP policies to reduce false positives and improve detection accuracy. Collaborate with Customer business stakeholder and cross functional tower leads to identify new policy requirements and prioritize them in the DLP backlog Implement policy changes through structured change management processes Monitor and triage high and critical severity DLP alerts on a daily basis (typically 8x5 coverage) Investigate incidents, validate true positives, and escalate as needed to SOC or compliance teams. ...

Level : L3 The Cloud Security and DLP SME is responsible for managing and optimizing DLP policies across endpoints, cloud services, Web, Network and collaboration platforms: Review and fine-tune existing DLP policies to reduce false positives and improve detection accuracy. Collaborate with Customer business stakeholder and cross functional tower leads to identify new policy requirements and prioritize them in the DLP backlog Implement policy changes through structured change management processes Monitor and triage high and critical severity DLP alerts on a daily basis (typically 8x5 coverage) Investigate incidents, validate true positives, and escalate as needed to SOC or compliance teams. ...

Level : L3 The Cloud Security and DLP SME is responsible for managing and optimizing DLP policies across endpoints, cloud services, Web, Network and collaboration platforms: Review and fine-tune existing DLP policies to reduce false positives and improve detection accuracy. Collaborate with Customer business stakeholder and cross functional tower leads to identify new policy requirements and prioritize them in the DLP backlog Implement policy changes through structured change management processes Monitor and triage high and critical severity DLP alerts on a daily basis (typically 8x5 coverage) Investigate incidents, validate true positives, and escalate as needed to SOC or compliance teams. ...

Level : L3 Continuously monitor endpoint telemetry for Indicators of Attack (IOAs) and Indicators of Compromise (IOCs). Validate and triage alerts generated by Falcon Insight, and escalate confirmed threats to L2/L3 SOC teams Use Real Time Response (RTR) to investigate and remediate threats directly on endpoints without disrupting operations Assist in troubleshooting sensor-related issues, including log collection and root cause analysis Raise and manage support cases with CrowdStrike for unresolved technical problems Maintain documentation of known issues, fixes, and deployment best practices. Conduct proactive threat hunting using Falcons historical and real-time data. Leverage CrowdStrike...

Level : L3 Continuously monitor endpoint telemetry for Indicators of Attack (IOAs) and Indicators of Compromise (IOCs). Validate and triage alerts generated by Falcon Insight, and escalate confirmed threats to L2/L3 SOC teams Use Real Time Response (RTR) to investigate and remediate threats directly on endpoints without disrupting operations Assist in troubleshooting sensor-related issues, including log collection and root cause analysis Raise and manage support cases with CrowdStrike for unresolved technical problems Maintain documentation of known issues, fixes, and deployment best practices. Conduct proactive threat hunting using Falcons historical and real-time data. Leverage CrowdStrike...

Level : L3 Continuously monitor endpoint telemetry for Indicators of Attack (IOAs) and Indicators of Compromise (IOCs). Validate and triage alerts generated by Falcon Insight, and escalate confirmed threats to L2/L3 SOC teams Use Real Time Response (RTR) to investigate and remediate threats directly on endpoints without disrupting operations Assist in troubleshooting sensor-related issues, including log collection and root cause analysis Raise and manage support cases with CrowdStrike for unresolved technical problems Maintain documentation of known issues, fixes, and deployment best practices. Conduct proactive threat hunting using Falcons historical and real-time data. Leverage CrowdStrike...

Level : L3 Continuously monitor endpoint telemetry for Indicators of Attack (IOAs) and Indicators of Compromise (IOCs). Validate and triage alerts generated by Falcon Insight, and escalate confirmed threats to L2/L3 SOC teams Use Real Time Response (RTR) to investigate and remediate threats directly on endpoints without disrupting operations Assist in troubleshooting sensor-related issues, including log collection and root cause analysis Raise and manage support cases with CrowdStrike for unresolved technical problems Maintain documentation of known issues, fixes, and deployment best practices. Conduct proactive threat hunting using Falcons historical and real-time data. Leverage CrowdStrike...