Consultant - SOC Analysis L3

Responsibilities

Roles and Responsibilities

Serve as the primary onsite Level 3 resource, managing and coordinating with the SOC team within the country as well as any offshore vendors or suppliers.
Act as the liaison between the SOC team and external stakeholders to ensure seamless communication and operational efficiency.
Possess a good understanding of log source onboarding processes, including integration of new log sources into the SIEM.
Provide guidance and support to SOC SIEM engineers in the onboarding and configuration of log sources to ensure accurate and efficient data ingestion.
Conduct detailed reviews of IR reports before case handover to the IR team, ensuring accuracy and completeness of information.
Actively participate in all phases of the Incident Response lifecycle, including Preparation, Identification, Containment, Eradication, and Recovery.
Lead the remediation of security incidents from detection to resolution, coordinating closely with the IR team and other stakeholders as necessary.
Provide technical expertise to contain and mitigate threats, ensuring minimal impact on the organization.
Analyze existing security rules and provide recommendations for enhancements to improve detection and response capabilities.
Fine-tune SIEM rules based on incident analysis and emerging threat intelligence to reduce false positives and increase detection accuracy.
Ensure all cases are handled efficiently and escalated appropriately based on the severity and impact of the incident.
Maintain detailed case documentation, ensuring that all actions and decisions are accurately recorded.
At the end of each day, compile lessons learned from incidents and provide insights on rule fine-tuning and asset identification.
Continuously update and refine monitoring processes based on new findings and operational experiences.
Generate daily & weekly reports and use dashboards to provide visibility into security operations, incident status, and ongoing trends.

Qualifications

Required Skills

Experience:
Minimum of 8 years of experience in Information Security, with a focus on SOC operations, SIEM management, and security administration.
Proven experience with SIEM platforms, specifically Azure Sentinel, and Azure Network Security.
Strong experience in triaging security events, with a deep understanding of the OSI model, network ports, services, and protocols.
Proficiency in analyzing logs from both Windows and Unix operating systems and familiarity with different log formats.
Technical Skills:
In-depth knowledge of IP networking, including networking devices such as routers and switches.
Strong analytical and problem-solving skills, with the ability to conduct root cause analysis and recommend effective solutions.
Professional work ethics and the ability to handle sensitive information with integrity.
Preferred Criteria:
Experience working in rotational and night shifts within a SOC environment.
Demonstrated ability to operate effectively in high-pressure, fast-paced environments.

Educational Qualifications

Bachelor’s or Master’s degree in a technical discipline such as Computer Science, Information Security, or Engineering.

Desirable

Familiarity and experience working within the region
Experience working as part of an MSSP or MSP provider

Consultant - SOC Analysis L3

Key Skills

Related Jobs

Consultant - Solution Architecture

Head - Technology (Data/AI)

Engineer - SOC Analysis (L2)

Related Jobs

Consultant - Solution Architecture

Head - Technology (Data/AI)

Engineer - SOC Analysis (L2)

Cookie Settings