We are seeking a highly skilled and experienced Tier 3 SOC Analyst who will also function as the Incident Response Lead. This is a hybrid technical-leadership position focused on managing critical security events, conducting forensic investigations, and continuously enhancing the incident response program. As a senior member of the SOC, you will be the escalation point for complex and high-impact security incidents, support forensic analysis, lead root cause investigations, and contribute to detection engineering efforts.
Qualifications:
Key Responsibilities
Tier 3 SOC Analyst Duties
- Act as the final escalation point for complex security alerts and incidents identified through Azure Sentinel and other security monitoring tools.
- Conduct in-depth digital forensic investigations across endpoints, networks, and cloud infrastructure (Azure, M365, Microsoft Dynamics, etc.).
- Perform malware analysis, reverse engineering, and memory/disk analysis to support incident triage and response.
- Provide expert-level guidance to Tier 1 and Tier 2 SOC analysts; coach and mentor to raise team capabilities.
- Correlate threat intelligence with incident data to understand adversary behavior and campaign objectives.
- Collaborate with SIEM engineers to tune, develop, and optimize detection use cases, particularly for emerging threats.
- Maintain documentation of playbooks, threat scenarios, and incident patterns.
Incident Response Lead Duties
- Lead and coordinate the end-to-end incident response lifecycle, from detection through containment, eradication, and recovery.
- Own and maintain IR documentation, including incident tracking, timelines, RCA, and after-action reports.
- Liaise with the CSIRT team and relevant business stakeholders during critical incidents.
- Lead post-incident reviews and facilitate lessons-learned workshops, contributing to policy, procedure, and control improvements.
- Drive continuous process improvement across SOC and IR operations, ensuring integration with change and problem management.
- Ensure executive-level incident reporting and briefings are prepared and delivered as needed.
Qualifications
Required
- 5 years of experience in a Security Operations Center or Incident Response role.
- Proven experience leading major incident response efforts (e.g. ransomware, APT, data breaches).
- Strong forensic analysis skills (disk, memory, log, and network forensics).
- Advanced proficiency in SIEM platforms (preferably Microsoft Sentinel), EDR tools (Defender for Endpoint), and forensic toolsets.
- Hands-on experience with vulnerability management and cloud security tools such as Wiz, Tenable, or Qualys.
- Understanding of attacker TTPs mapped to MITRE ATT&CK and threat hunting methodologies.
- Hands-on experience with scripting and automation (e.g. PowerShell, Python) to streamline investigations and response.
- Knowledge of security controls, network protocols, operating systems, and cloud environments (Azure).
- Strong communication skills and ability to present technical findings to non-technical stakeholders.
Additional Information:
Desirable Certifications
- GIAC Certified Forensic Analyst (GCFA) or GIAC Certified Incident Handler (GCIH)
- CISSP, OSCP, GCIA, or equivalent
- Microsoft certifications: SC-200, SC-300, AZ-500
Key Competencies
- Calm and decisive under pressure
- Analytical and detail-oriented
- Strong leadership and collaboration skills
- Proactive approach to process optimization and threat mitigation
- Passion for continuous learning and capability development
Remote Work:
Yes
Employment Type:
Full-time