SOC Analyst- L3

Job Description

The SOC L3 Analyst is a senior-level position responsible for handling the most complex security incidents and providing strategic direction for the SOC team. This role involves leading shifts, mentoring junior analysts, and providing strategic oversight to ensure effective detection, analysis, and response to security incidents. The L3 Analyst will leverage expertise in threat intelligence, use case management, and advanced incident response while ensuring all security measures and processes are efficiently implemented across the organization.

Responsibilities:

Lead the investigation and response to advanced persistent threats (APTs) and complex security incidents.

Develop and manage security use cases, detection rules, and correlations within Microsoft Azure Sentinel and SentinelOne.

Use SentinelOne and Microsoft Azure Sentinel and KQL to correlate logs and identify complex threats.

Use KQL, Python, PowerShell and other query and scripting languages for Incident Response and Threat Hunting activities.

Provide strategic guidance and oversight to L1 and L2 analysts during major incidents and escalations.

Lead SOC shifts, ensuring proper coverage and incident management across 24x7 operations.

Ensure that the SOC team follows proper incident response protocols, escalation procedures, and security policies.

Collaborate with threat hunters to identify new attack patterns and improve detection capabilities.

Review and update the organization's incident response plan, conducting tabletop exercises and post-incident reviews.

Conduct threat intelligence research, share insights, and integrate threat intel into operational security processes.

Provide subject matter expertise on incident response, forensic analysis, and threat hunting.

Assist in the management and optimization of SIEM tools, ensuring maximum efficiency and effectiveness.

Work closely with clients and stakeholders to provide incident analysis, reports, and security recommendations.

Generate regular reports on SOC performance, incident trends, and lessons learned.

Lead, mentor, and train L1 and L2 analysts, enhancing team capabilities and expertise.

Ensure shift documentation is properly maintained, and incidents are tracked and reported using Jira/Manage Engine ITSM.

Qualifications

Bachelor's degree in computer science, Cybersecurity, or a related field.

5+ years of experience in cybersecurity or information security roles, with a focus on incident response and SIEM management.

Hands-on experience with security platforms like Azure Microsoft Sentinel or SentinelOne.

Experience handling complex security incidents, including APTs, malware, and advanced threats.

Strong experience with SIEM and EDR tools, particularly Microsoft Azure Sentinel and SentinelOne.

Expertise in developing and managing use cases and detection rules within SIEM.

Proven experience in leading SOC shifts and managing a 24x7 security operations environment.

Ability to work effectively in a 24x7 shift environment.

Certifications

Certifications such as Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), or Certified Ethical Hacker (CEH) are required.