Senior SOC Analyst / SOC Manager

Job Description

Key Responsibilities: Advanced Threat Detection & Incident Response: Serve as the final escalation point for critical incidents and threat investigations. Lead deep-dive analysis on alerts, threats, and indicators across varied environments. Conduct malware analysis, reverse engineering, and threat hunting when needed. Perform forensic analysis using endpoint, network, and cloud telemetry. SOC Operations in MSSP Context: Operate in a multi-tenant SOC supporting enterprise, mid-market, and OT/ICS clients. Customize correlation rules, detection logic, and alert tuning for each client environment. Collaborate with client security teams during incident lifecycle and response activities. Ensure SOC processes, SLAs, and communications are aligned with client expectations. Technical Leadership & Mentoring: Guide and mentor L1 and L2 analysts in investigation techniques, use case analysis, and incident triage. Review escalations, ensure incident quality, and drive analyst capability building. Help design and maintain client-specific runbooks and detection use cases . Tooling & Engineering Support: Work closely with SIEM/SOAR engineers to enhance detection logic and automation. Validate detection efficacy using red team or threat simulation tools. Participate in tuning efforts for SIEM (e.g., Splunk, Sentinel, QRadar, LogRhythm, Seceon, etc.) and EDR tools. Reporting & Documentation: Create detailed incident reports, RCA documents, and threat summaries for clients. Provide technical input during client reviews and executive briefings. Maintain compliance with internal quality standards, frameworks (MITRE ATT&CK, NIST, ISO), and regulatory mandates. Required Skills & Experience: Proven experience in: SIEMs: Splunk, Sentinel, Exabeam, QRadar, or similar. EDR platforms: CrowdStrike, SentinelOne, Carbon Black, etc. SOAR and automation workflows. Scripting (Python, PowerShell, or Bash) for threat hunting or automation. Strong understanding of TCP/IP, threat vectors, and log analysis. Knowledge of frameworks such as MITRE ATT&CK, NIST 800-61, and ISO 27035. Ability to manage high-pressure incidents across multiple clients simultaneously. Preferred Certifications (Nice to Have): GIAC (GCIA, GCIH, GNFA), OSCP, CISSP, or equivalent certifications. Experience with OT/ICS threat detection and asset monitoring is a plus. Knowledge of cloud monitoring (Azure/AWS/GCP) and hybrid threat detection