Job Description

We are seeking an experienced Senior SOC L3 Analyst with deep expertise in Microsoft Sentinel SIEM to lead security monitoring, threat detection, and incident response. This role involves handling advanced cyber threats, fine-tuning SIEM capabilities, mentoring SOC teams, and driving security automation. Key Responsibilities: Advanced Threat Detection Incident Response: - Act as the final escalation point for critical security incidents. - Perform deep forensic analysis, malware analysis, and threat hunting across hybrid environments. - Investigate Advanced Persistent Threats (APT), zero-day exploits, and insider threats. - Develop and optimize custom KQL queries, detection rules, and Sentinel analytics for precise threat detection. - Lead post-incident forensics, root cause analysis (RCA), and corrective action plans. - Automate and streamline incident response using SOAR playbooks. SIEM Administration Optimization: - Configure, optimize, and fine-tune Microsoft Sentinel SIEM for maximum visibility and efficiency. - Design and implement custom detection rules, log parsers, and alerting mechanisms. - Integrate Azure Defender, Microsoft Defender, and third-party threat intelligence feeds into Sentinel. - Enhance log collection, correlation, and anomaly detection using AI/ML-based techniques. Threat Hunting Threat Intelligence: - Conduct proactive threat hunting using behavioral analytics and KQL-based queries. - Leverage MITRE ATTCK, Cyber Kill Chain, and Diamond Model frameworks for adversary tracking. - Implement Threat Intelligence Platforms (TIPs) and integrate with SIEM/SOAR solutions. - Identify and mitigate emerging threats, including fileless attacks, privilege escalation, and supply chain attacks. Compliance Security Governance: - Ensure compliance with industry standards (ISO 27001, NIST, PCI-DSS, GDPR, SOC2). - Develop and maintain SIEM reporting dashboards for executive and compliance reporting. - Assist in audit preparation, risk assessments, and security posture improvement plans. Leadership Mentoring: - Guide and mentor SOC L1 L2 analysts in advanced security investigation techniques. - Develop incident response playbooks, runbooks, and SOPs for the SOC team. - Conduct cybersecurity training, tabletop exercises, and red/blue team drills. - Collaborate with CISOs, IT, DevOps, and risk teams to enhance overall security posture. Required Skills Qualifications: 7+ years of hands-on experience in SOC operations, incident response, and threat hunting. Expertise in Microsoft Sentinel SIEM (rule creation, automation, integration). Strong knowledge of EDR, IDS/IPS, firewalls, network security, and cloud security (Azure, AWS, GCP). Proficiency in Kusto Query Language (KQL), PowerShell, Python for security automation. Deep understanding of MITRE ATTCK, Cyber Kill Chain, TTP-based threat modeling. Experience in threat intelligence, malware reverse engineering, and forensic investigations. Hands-on experience with SOAR platforms and security automation workflows. Certifications preferred: SC-200, CISSP, CISM, CISA, GIAC (GCFA, GCIH, GCIA), CEH, OSCP. Requirements > Hands-on experience in SOC operations, incident response, and threat hunting. Expertise in Microsoft. >Expertise in Microsoft Sentinel SIEM (rule creation, automation, integration). >Strong knowledge of EDR, IDS/IPS, firewalls, network security, and cloud security (Azure, AWS, GCP). >Proficiency in Kusto Query Language (KQL), PowerShell, Python for security automation. >Deep understanding of MITRE ATTCK, Cyber Kill Chain, TTP-based threat modeling. >Experience in threat intelligence, malware reverse engineering, and forensic investigations. >Hands-on experience with SOAR platforms and security automation workflows.