5 - 10 years

10.0 - 18.0 Lacs P.A.

Hyderabad

Posted: 2 months ago | Platform: Naukri

Skills Required

Sentinel, EDR, Threat Hunting, SIEM, Splunk, SOC, SOAR, Threat Analysis, Incident Response, Malware Analysis, Log Analysis, QRadar, Incident Handling, Security Operations Center

Work Mode

Work from Office

Job Type

Full Time

Job Description

Job Responsibilities:

- Monitor, analyze, and interpret security/system logs for events, operational irregularities, and potential incidents, and escalate issues to the appropriate teams when necessary.
- Oversee the detection and analysis of security events through various input tools and systems (SIEM, IDS/IPS, firewalls, EDR, etc.).
- Conduct Red Team exercises to test and evaluate the effectiveness of preventive and monitoring controls in a simulated real-world attack environment, providing actionable feedback to improve defense strategies.
- Provide expert-level support for complex system/network exploitation and defense techniques, including deterring, identifying, investigating, and responding to system and network intrusions.
- Support in-depth malware analysis, focusing on both host- and network-based threats, conducting log analysis, and performing triage in support of incident response activities.
- Maintain and enhance security technologies deployed across the organization, including customizing and fine-tuning SIEM use cases, parsing rules, and security tool configurations based on evolving threat intelligence.
- Monitor and assess the threat and vulnerability landscape, staying informed on new security advisories, zero-day vulnerabilities, and emerging threats, and taking appropriate action to mitigate risks.
- Continuously monitor and triage security alerts, managing the escalation queue to ensure swift and efficient incident resolution.
- Monitor and fine-tune SIEM systems, improving content, parsing, and overall system maintenance to ensure accurate event correlation and detection of complex threats.
- Oversee security-related events in cloud infrastructure, including IaaS, PaaS, and SaaS environments, responding to and mitigating security incidents in cloud environments.
- Deliver scheduled and ad-hoc reports on security posture, incident response outcomes, and security metrics, highlighting key findings, trends, and areas for improvement.
- Provide mentorship and guidance to L1 and L2 analysts, helping them grow their skills and knowledge of advanced threat detection, incident response, and security technologies.
- Develop and update Standard Operating Procedures (SOPs), incident response playbooks, and training documentation to ensure consistent, effective incident handling across all SOC tiers.
- Work through the full ticket lifecycle, from initial alert detection to final resolution, ensuring thorough documentation, follow-ups, and corrective actions as necessary.
- Generate end-of-shift reports, ensuring seamless knowledge transfer to subsequent shifts and maintaining continuity in incident management.
- Perform threat-intelligence research to stay up to date with emerging attack patterns, vulnerabilities, and threat actor tactics, techniques, and procedures (TTPs).
- Actively participate in security forums, contributing to the exchange of knowledge and best practices with the wider cybersecurity community.

Job Specifications:

Qualifications:

- Bachelor's degree in Engineering, Computer Science, Cybersecurity, or closely related coursework in technology disciplines.
- Certifications such as CISSP, CEH, CISM, GCIH, GCIA, or other industry-recognized certifications are highly desirable.
- Extensive experience with the following tools and technologies:
  - SIEM tools: Splunk, IBM QRadar, Securonix, etc.
  - Case management tools: Swimlane, Phantom, ServiceNow, etc.
  - EDR solutions: CrowdStrike, SentinelOne, VMware Carbon Black, McAfee, Microsoft Defender ATP, etc.
  - Network analysis tools: Darktrace, FireEye, NetWitness, Panorama, etc.
  - Cloud security: AWS, Azure, Google Cloud Platform (GCP), and associated security monitoring tools.

Experience:

- 4+ years of SOC experience in progressively responsible roles, with expertise in security monitoring, incident response, and threat detection/mitigation.
- Hands-on experience in conducting threat-hunting activities and vulnerability assessments.
- Proven ability to handle complex security incidents and effectively collaborate with cross-functional teams to mitigate cyber risks.

Desired Skills:

- In-depth knowledge of SOC L1 and L2 responsibilities, with the ability to take the lead in complex incident investigations and escalate issues as needed.
- Advanced understanding of TCP/IP protocols and event log analysis, and the ability to interpret logs from various devices and systems.
- Strong understanding of Windows, Linux, networking concepts, and the interaction between different operating systems and networks.
- Experience analyzing network traffic and utilizing tools like Wireshark, tcpdump, and other packet capture and analysis utilities.
- Advanced understanding of security solutions like SIEMs, web proxies, EDR, firewalls, VPNs, multi-factor authentication (MFA), encryption, IPS/IDS, etc.
- Functional knowledge of cloud environments and the specific security risks associated with IaaS, PaaS, and SaaS offerings.
- Ability to research IT security issues and products, staying up to date with new attack vectors, cybersecurity tools, and evolving threats.
- Solid experience working in a TAT-based security incident resolution environment, with knowledge of ITIL and incident response best practices.
- Experience with scripting (e.g., Python, Perl, PowerShell) for automation, tool customization, and analysis is highly preferred.
- Malware analysis and reverse engineering skills are an added advantage.

Personal Attributes:

- Highly self-motivated and proactive, with the ability to independently manage multiple tasks while maintaining attention to detail.
- Strong communication skills, both written and verbal, with the ability to effectively document findings, present reports, and communicate complex technical details to non-technical stakeholders.
- Ability to effectively prioritize tasks in a high-pressure, time-sensitive environment, with a focus on rapid, efficient incident resolution.
- Strong problem-solving skills and a natural inclination to investigate and understand the root cause of security incidents.
- Team player, with the ability to work collaboratively with peers, other IT teams, and external partners, ensuring cohesive incident management and response.
- Passion for cybersecurity, with a keen interest in staying at the forefront of emerging security trends and technologies.
