The SOC Analyst Level 3 is a senior cybersecurity professional responsible for leading advanced security investigations, threat hunting, incident response, and mentoring SOC Level 1 and Level 2 analysts. This role requires deep expertise in security operations, forensics, threat intelligence, and security tool optimization. The Level 3 analyst also collaborates with stakeholders to improve security posture and incident response processes.
This position involves working within a Managed Security Services Provider (MSSP) environment, managing security operations for multiple clients across various industries. You will ensure compliance with Service Level Agreements (SLAs), develop security strategies, and provide expert-level incident handling and response.
Key Responsibilities:
Incident Handling & Response:
Lead complex security investigations and incident response activities.
Perform deep-dive forensic analysis, malware analysis, and reverse engineering of security incidents.
Manage and coordinate incident containment, eradication, and recovery efforts.
Conduct root cause analysis and post-incident reviews to improve defenses.
Threat Hunting & Intelligence:
Conduct proactive threat hunting activities using SIEM, EDR, and other security tools.
Develop and test hypotheses for threat scenarios based on the latest cyber threat intelligence.
Utilize threat intelligence feeds to enhance detection capabilities and improve SOC workflows.
Security Tool Optimization & Automation:
Fine-tune and configure SOC tools, including SIEM, EDR, IDS/IPS, SOAR, and firewalls for optimal performance.
Develop and automate security processes using scripting (e.g., Python, PowerShell, Bash) and SOAR platforms.
Identify gaps in security monitoring and implement improvements to enhance detection and response capabilities.
Collaboration & Escalation:
Act as the escalation point for complex security incidents that Level 1 and Level 2 analysts cannot resolve.
Collaborate with security architects, network engineers, and IT teams to enhance security controls.
Work closely with threat intelligence teams to analyze and respond to emerging threats.
Reporting & Documentation:
Maintain detailed documentation of security incidents, forensic findings, and response actions.
Generate executive reports and present security insights to management and stakeholders.
Improve and develop SOC playbooks, workflows, and best practices.
Security Improvement Initiatives:
Participate in red team/blue team exercises to enhance security preparedness.
Conduct training sessions and mentorship programs for Level 1 and Level 2 analysts.
Drive continuous improvement of SOC processes, policies, and incident response methodologies.
SOC Operations & Shift Management:
Provide leadership and direction during security incidents and crisis situations.
Participate in SOC shift rotations, including nights, weekends, and holidays.
Ensure timely response to security incidents while maintaining high-quality incident resolution.
People Skills:
Strong leadership skills with experience mentoring and training junior analysts.
Excellent problem-solving and decision-making abilities in high-pressure situations.
Ability to communicate complex security concepts to both technical and non-technical audiences.
Collaborative mindset, working effectively across teams and departments.
Strong analytical, research, and documentation skills.
Qualifications:
Bachelor’s degree in Cybersecurity, Information Technology, or a related field (or equivalent experience).
4+ years of experience in security operations, incident response, and cybersecurity analysis.
Strong understanding of cybersecurity frameworks (MITRE ATT&CK, NIST, ISO 27001).
Hands-on experience with SIEM, EDR, IDS/IPS, and other security tools.
Proficiency in scripting languages (Python, PowerShell, Bash) for automation and tool integration.
Deep knowledge of network security, threat intelligence, digital forensics, and malware analysis.