Security L3 Engineer

Key Responsibilities:

• Lead advanced incident response, including triage, containment, eradication, and root cause analysis.
• Perform forensic investigations, malware analysis, and threat hunting activities.
• Manage and fine-tune enterprise security solutions: SIEM, EDR, NDR, firewalls, IDS/IPS, DLP, WAF, VPNs, etc.
• Act as a subject matter expert (SME) for escalated security events from L1/L2 teams.
• Review and update runbooks, threat detection rules, and incident response procedures.
• Collaborate with threat intelligence teams to analyze IOCs, TTPs, and emerging threats.
• Perform regular vulnerability assessments and coordinate patch management with IT/DevOps.
• Conduct security reviews of infrastructure, applications, and network architecture.
• Ensure compliance with ISO 27001, NIST, GDPR, PCI-DSS, or other applicable standards.
• Automate security operations and incident response workflows using tools/scripts (e.g., Python, PowerShell).
• Mentor junior engineers and conduct technical training sessions.

Required Skills and Qualifications:

• Bachelor's or Master's degree in Information Security, Computer Science, or related field.
• 510 years of hands-on experience in cybersecurity, with at least 23 years in an L3 or advanced SOC role.
• Expertise in managing and troubleshooting security tools:
• SIEM (Splunk, QRadar, ArcSight, etc.)
• EDR/XDR (CrowdStrike, SentinelOne, Defender ATP)
• Firewalls (Palo Alto, Fortinet, Cisco ASA)
• IDS/IPS, DLP, VPN, NAC, etc.
• Strong knowledge of cyberattack techniques, threat detection, and incident response lifecycle.
• Familiarity with MITRE ATT&CK, Cyber Kill Chain, STIX/TAXII, and YARA rules.
• Proficiency in scripting or automation (Python, Bash, PowerShell).
• Excellent documentation, troubleshooting, and analytical skills.