Posted on: 11/02/2026
Role Overview :
An L3 SOC (Security Operations Center) Analyst performs advanced security incident investigation, analysis, and response, typically handling escalations from L1 and L2 analysts. Key responsibilities include in-depth threat hunting, leading the response to sophisticated attacks, developing new detection rules and tools, performing forensic analysis, and mentoring junior analysts.
Lead :
- Lead incident response efforts for high-severity events, coordinating across teams to ensure effective containment and remediation.
- Contribute to the development and refinement of SOC processes, playbooks, and escalation protocols.
Advanced investigation :
- Lead the investigation of complex security incidents, including root cause analysis of malware and sophisticated attacks.
- Lead and conduct deep-dive incident investigations and forensic analysis.
- Conduct advanced investigations of security alerts and incidents, including malware analysis, lateral movement, and data exfiltration.
- Conduct in-depth investigations and correlations, and work with stakeholders to mitigate and resolve critical, high-severity, and other complex incidents.
- Conduct analysis to gather evidence, validate root cause, and determine the extent of compromise, leveraging the Client's security toolset.
Threat hunting :
- Proactively search for advanced threats that may have bypassed L1/L2 defenses, often using frameworks such as MITRE ATT&CK.
- Perform threat hunting using hypothesis-driven approaches and threat intelligence to uncover hidden threats.
- Analyze attacker TTPs and translate them into actionable detections using frameworks such as MITRE ATT&CK and the Cyber Kill Chain.
Incident response leadership :
- Act as a subject matter expert and lead on major incident response efforts, coordinating with other teams.
Detection and tool development :
- Create new detection rules, signatures, and use cases for SIEMs and other security tools.
Forensic analysis :
- Perform in-depth forensic analysis on host and network data.
- Lead forensic investigations, including memory, disk, and network analysis, to support incident response and legal requirements.
Mentorship and collaboration :
- Guide and train L1/L2 analysts, collaborate with engineering teams to improve security posture, and document findings.
Reporting :
- Provide detailed reports on security incidents and trends to stakeholders.
- Document investigation findings, incident timelines, and lessons learned in a clear and structured format.
Vulnerability assessment :
- Analyse and respond to vulnerabilities and recommend mitigation strategies.
Escalation Point : Act as an escalation point for L1 and L2 SOC Analysts. Mentor and provide training to junior SOC team members.
Responsibilities :
- Develop and implement advanced security protocols and incident response procedures.
- You will lead investigations, coordinate responses, and mentor junior analysts, ensuring the security and integrity of our information systems.
- Proactively identify threats, security gaps, and vulnerabilities that are not yet known.
- Review critical security alerts, threat intelligence, and other security data escalated by Tier 1 and Tier 2 analysts.
- Develop and refine incident response playbooks, integrating them with SOC processes and ensuring they reflect the latest threat intelligence.
- Develop automated workflows and integrations to streamline SOC processes and improve incident response times. Provide recommendations for improvement.
- Conduct regular assessments of SOC processes and contribute to playbook and runbook development.
- Prepare detailed incident reports and deliver findings to technical and non-technical stakeholders.
- Collaborate with detection engineering and threat intelligence teams to improve detection coverage and response workflows.
- Ensure process compliance through periodic (quarterly/half-yearly) reviews and updates of existing SOPs, processes, standards, guidelines, and checklists. Additionally, assist in developing and improving Security Operations processes, including creating or modifying SOPs, playbooks, and work instructions.
- Contribute to SOC maturity assessments and strategic planning to enhance the organisation's cyber defense posture.
- Participate in on-call rotation for after-hours security incident escalations.
Typical Work Environment:
- 24/7 operations : Often involves on-call rotations and working in a 24/7 environment.
- On-call support : Handles escalations and provides on-call support as needed.
- Dynamic and challenging : A role that offers challenging and stimulating assignments with growth opportunities.
Required skills and knowledge:
- Qualifications : BE/ B.Tech/ M.Tech/ MSc/ MCA qualification or equivalent
- 5+ years of experience in cybersecurity, particularly within a SOC environment.
- Deep understanding of security concepts : Expertise in cyber-attacks, threat vectors, malware analysis, network protocols (like TCP/IP), and operating systems (Windows, Linux, Unix).
- Leverage emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of an attack.
- In-depth knowledge of security information and event management (SIEM) systems
- Strong, in-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, threat hunting, threat intelligence, advanced threat detection and analysis, forensic analysis, network security, endpoint security, cloud security, risk management, and incident management.
- Proficient in Incident Management and Response, handling escalations
- Proficiency with security tools : Hands-on experience with SIEM, EDR, WAF, and other security technologies.
- Forensics and malware analysis : Strong skills in digital forensics and the analysis of malicious code, with a strong understanding of network protocols and forensic tools.
- Threat intelligence : The ability to leverage threat intelligence to predict and prevent threats.
- Communication skills : Excellent written and verbal communication skills for reporting and collaborating with various teams.
- Problem-solving : Strong analytical and creative problem-solving skills.
- Certifications : Certifications such as CompTIA Security+, CEH, GIAC (e.g. GCIH), CHFI, EC-Council Certified SOC Analyst (CSA), Microsoft SC-200, and SC-300 are often required or a strong plus.
- Strong understanding of adversary TTPs and frameworks like MITRE ATT&CK and Cyber Kill Chain
- Conduct in-depth investigations into complex security incidents
- Stay current with evolving threats and vulnerabilities to improve detection and response strategies
- Proven track record in handling and resolving advanced security threats, including advanced threat intelligence work.
- Scripting languages (Python, PowerShell)
- Knowledge of various tools and areas such as SIEM, SSL/TLS, packet analysis, HIPS/NIPS, network monitoring tools, Remedy and ServiceNow ticketing toolsets, web security, AV, UEBA, and advanced SOC operations.
- Communicate effectively by contributing significantly to the development and delivery of a variety of written and visual documents for diverse audiences
- Work closely with Security Operations Engineering and client teams, developing monitoring and detection capabilities and continuous improvement of our SOC services.
- Define the SOC framework and processes to measure company risks efficiently
- Provide mentorship and technical oversight to L1 & L2 analysts and MSSP-led supporting staff, reviewing investigations and guiding escalation decisions
- Willingness to provide on-call support outside of business hours.
- Extensive experience in supporting and configuring Endpoint detection and response (EDR), SIEM, SOAR, Vulnerability management, IDS/IPS, Email Security, Proxy, DLP, CASB, and PAM tools.
- Good understanding of ITIL processes, ISO/PCI DSS, including Change Management, Incident Management, and Problem Management.
- Familiarity with frameworks such as MITRE ATT&CK, NIST, and ISO 27001.
- Excellent communication skills, with the ability to translate technical findings into actionable outcomes.
- You will work with a wide variety of people from different internal organisational units, bringing them together to implement controls that reflect workable compromises as well as proactive responses to current and future information security risks.
- Participate in hiring, onboarding, and training activities to build a high-performing SOC team.
- Effective mentor and technical leader for junior analysts, fostering a culture of excellence in the SOC
- Committed to continuous improvement of SOC processes, playbooks, and detection capabilities
- Strategic thinker with the ability to assess risk, lead under pressure, and drive operational maturity
- Train L1/L2 via planned knowledge transfer and internal training sessions.
- Well-developed logical thinking and the ability to investigate cases methodically.
- Customer-facing, with good report-writing skills and strong communication skills at all levels.
- Good interpersonal skills - clear communication, attentive and careful listening, empathetic behaviour, being positive, supporting helpful ideas and honest efforts of colleagues.
- Create and maintain runbooks, incident reports, and compliance documentation.
CyberSecurity
Functional Area
Cyber Security
Job Code
1611760