L3 SOC Analyst - SIEM Tools (7-10 yrs)

L3 SOC Analyst

Job Description :

The L3 SOC Analyst is responsible for advanced threat detection, incident response, and proactive security monitoring in a fast-paced SOC environment.

The analyst will work closely with other SOC team members, security engineers, and stakeholders to ensure the organization's security posture is continuously improved.

They investigate complex security incidents and provides expert advice for mitigating threats and reducing future risks.

Key Responsibilities :

1. Incident Detection and Response :

- Act as the primary escalation point for L1 and L2 SOC analysts during security incidents.

- Perform in-depth analysis of security events and incidents using a variety of tools (SIEM, IDS/IPS, EDR, firewalls, etc.).

- Lead advanced threat hunting activities to identify anomalies and potential threats within the network.

- Execute incident response procedures, including containment, eradication, recovery, and lessons learned.

2. Forensics and Root Cause Analysis :

- Perform digital forensics and malware analysis to understand the full scope of security incidents.

- Investigate security breaches and advanced persistent threats (APT), providing detailed root cause analysis.

3. Security Tool Management :

- Fine-tune and optimize security tools such as SIEM, IDS/IPS, and EDR solutions to improve detection capabilities.

- Assist with the development and tuning of detection rules, signatures, and alert thresholds.

4. Documentation and Reporting :

- Create detailed reports of security incidents, including timelines, findings, and recommendations.

- Maintain accurate and comprehensive documentation of investigations, threat intelligence, and playbooks for use by the team.

Required Skills and Experience :

Experience : 7+ years of experience in a SOC environment, with at least 2 years in a senior or L3 analyst role.

Technical Expertise :

- Advanced knowledge of cybersecurity principles, incident response, and digital forensics.

- Hands-on experience with SIEM tools (Google SecOps, Splunk, QRadar, Sentinel etc), IDS/IPS, firewalls, endpoint detection and response (EDR) systems, and malware analysis tools.

- Proficiency in scripting languages (Python, PowerShell) for automating SOC tasks (Good to have).

- Familiarity with threat intelligence platforms and feeds, as well as IOCs and TTPs (Tactics, Techniques, and Procedures).

- Strong grasp of operating systems (Windows, Linux, MacOS) and networking protocols and concepts

- Problem-solver with excellent communication skills, a deep technical understanding of security best practices.

- Analyze log files from a variety of sources (for example, Individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security.

Certifications :

- Relevant certifications such as CISSP, GCIA, GCIH, OSCP, or CEH.

- Certifications in administration and threat hunting in Crowdstrike is a plus

Soft Skills :

- Strong analytical, problem-solving, and communication skills.

- Ability to work under pressure in high-stakes situations.

Preferred Qualifications :

Cloud Security :

- Experience securing cloud environments (AWS, Azure, GCP).

- Threat Hunting : Proven experience leading threat hunting campaigns.

Work Environment :

Location : Onsite or remote, depending on organizational policy.

Shifts : May involve rotating shifts and on-call availability due to the 24/7 nature of a SOC.