Security L3 Administrator / Engineer – SOC, IAM & PAM

Role Overview

The Security L3 Administrator / Engineer is responsible for advanced administration, monitoring, troubleshooting, and optimization of enterprise security platforms across Security Operations Center (SOC), Identity & Access Management (IAM), and Privileged Access Management (PAM). This role requires deep technical expertise, strong analytical skills, and the ability to independently handle complex security incidents while ensuring compliance, availability, and protection against cyber threats.

Key Responsibilities

Security Operations (SOC)

• Provide L3 support for escalated security alerts, incidents, and investigations.
• Monitor, manage, and optimize SIEM platforms such as Splunk, QRadar, ArcSight, or Microsoft Sentinel.
• Lead incident response, threat hunting, forensic analysis, and root cause analysis for critical security events.
• Design and fine-tune correlation rules, alerts, dashboards, and detection use cases.
• Coordinate with internal and external stakeholders during major security incidents.

Identity & Access Management (IAM)

• Administer and support IAM solutions including Azure AD, Okta, SailPoint, and Ping Identity.
• Manage identity lifecycle processes such as onboarding, offboarding, access provisioning, and de-provisioning.
• Implement and maintain SSO, MFA, and conditional access policies.
• Troubleshoot complex authentication, authorization, and federation issues.
• Ensure secure integration of IAM solutions across on-premises, cloud, and hybrid environments.

Privileged Access Management (PAM)

• Manage and enhance PAM platforms such as CyberArk, BeyondTrust, or Thycotic.
• Secure privileged accounts through vaulting, password rotation, and access approvals.
• Configure session monitoring, recording, and auditing for privileged access.
• Conduct regular access reviews and ensure compliance with privileged access policies.

Security Engineering & Governance

• Implement and enforce security controls aligned with ISO 27001, NIST, GDPR, and other regulatory standards.
• Perform patching, upgrades, hardening, and configuration management of security tools.
• Automate security workflows and operational tasks using PowerShell, Python, or Ansible.
• Collaborate with infrastructure, application, cloud, and network teams to ensure secure system design.
• Maintain detailed documentation, runbooks, SOPs, and incident response procedures.
• Provide technical guidance and mentorship to L1/L2 security analysts.

Primary Skills

• SOC (SIEM, Incident Response, Threat Detection)
• IAM (SSO, MFA, Identity Lifecycle Management)
• PAM (Privileged Access, Vault Management, Session Monitoring)

Required Skills & Qualifications

• 712 years of experience in enterprise security operations and administration.
• Strong hands-on expertise in SOC, IAM, and PAM technologies.
• Deep knowledge of SIEM tools, log analysis, and threat detection methodologies.
• Experience with identity governance, access reviews, and authentication frameworks.
• Proven experience in managing privileged access security in enterprise environments.
• Good understanding of network security, firewalls, IDS/IPS, and security controls.
• Familiarity with cloud platforms (AWS, Azure, GCP) and hybrid architectures.
• Strong problem-solving skills with the ability to handle critical incidents independently.

Preferred Qualifications

• Security certifications such as CISSP, CISM, CEH, CCSP, GIAC.
• IAM/PAM certifications (CyberArk, SailPoint, Okta, Ping).
• Experience with SOAR platforms (Splunk Phantom, Cortex XSOAR).
• Exposure to Zero Trust architecture and modern cloud security practices.
• Knowledge of ITIL processes (Incident, Problem, Change Management).