Altis Technology

Security Operations Center Analyst

Canada · Contract · Mid-Senior

We are seeking a seasoned Level 3 SOC Analyst to play a critical role in leading incident response efforts, supporting the development and maturity of SOC operations, and mentoring junior analysts. As a key member of our Digital Security Group, you will be responsible for advanced threat detection, triage, remediation, and continuous improvement of incident response capabilities and processes.


Key Responsibilities:

  • Act as the escalation point for complex security incidents from L1/L2 SOC Analysts, assessing potential business risk and initiating appropriate response strategies.
  • Conduct in-depth log analysis across various data sources to uncover Tactics, Techniques, and Procedures (TTPs), malware behavior, and threat actor activity.
  • Coordinate closely with SIEM engineers to enhance detection logic, event correlation, alert accuracy, and system performance.
  • Develop, refine, and maintain incident response playbooks, recommending automation and efficiency improvements based on incident trends and analysis.
  • Lead root cause investigations and participate in post-incident reviews, documenting findings and driving lessons learned.
  • Support and guide improvement initiatives within the SOC, including documentation, incident trend analysis, and operational maturity assessments.
  • Stay informed of emerging threats, attack vectors, and security technologies, particularly in cloud security and SaaS environments.
  • Leverage frameworks such as MITRE ATT&CK and SANS to assess and track threat activity and detection coverage.
  • Serve as a subject matter expert (SME), mentoring L1/L2 SOC team members, providing technical guidance, and acting as a resource for escalated incidents.
  • Lead coordination of complex incident response engagements and client onboarding projects to ensure a smooth transition into the SOC environment.


Qualifications:

  • 5–7 years of hands-on experience in cybersecurity operations, including roles in a SOC, incident response, or cyber threat analysis.
  • Relevant security certifications are required, such as CISSP, CISM, GIAC, CompTIA CySA+/Security+, CISA, or SANS certifications.
  • Strong expertise in Microsoft Sentinel or other SIEM/SOAR platforms, including experience in writing queries, tuning alerts, and conducting log analytics.
  • Experience with Microsoft Defender Endpoint, CSPM/CWP, or similar endpoint/cloud security technologies, with the ability to recommend mitigations based on threat intelligence.
  • Proficiency in malware analysis, both static and dynamic, and understanding of threat actor techniques.
  • Strong communication skills with the ability to clearly present technical findings, incident summaries, and recommendations to both technical and non-technical stakeholders.
  • Proven experience managing or contributing to complex security projects, process improvement initiatives, or business development efforts (e.g., proposals, client engagements).
  • Strong understanding of enterprise security controls, including asset lifecycle management, vulnerability/patch management, endpoint security, and architecture review.
  • Familiarity with cloud transformation initiatives, cloud security operations, and architectural best practices for platforms like Azure, AWS, or Google Cloud.
  • Demonstrated leadership capabilities, including mentoring, training, and guiding junior analysts in technical and procedural aspects.

Nice to Have:

  • Hands-on experience with multi-cloud security (Azure, AWS, GCP).
  • Previous experience in reverse engineering and threat hunting.
  • Familiarity with automation tools and scripting (PowerShell, Python, etc.).

Key Skills

incident response aws security certifications reverse engineering cybersecurity powershell python cloud cisa cism siem

Posted: May 05, 2025
Type: Contract
Level: Mid-Senior
Location: Vaughan

Industries

IT Services IT Consulting

Categories

Information Technology
