Job Purpose:
The SOC L3 Manager is responsible for managing the Security Operations Center (SOC) at the highest level. This role involves overseeing daily operations, managing escalations, and ensuring timely detection, analysis and response to cybersecurity incidents. The SOC L3 Manager will provide strategic direction, mentor SOC analysts and strengthen the organization's security posture.
1 Device Integration
100% device integration with the SIEM, and rule configuration for the same.
2 Incident Investigation & Response
Ownership of high-severity or complex incidents (P1/P2) escalated by L2 analysts.
Deep-dive forensic analysis on endpoints, servers and network devices.
Correlate multiple alerts/logs across SIEM, EDR, NDR and firewall to identify attack chains.
Conduct Root Cause Analysis (RCA) for major incidents.
Recommend and oversee containment, eradication and recovery actions.
Document and communicate incident status and impact to the SOC Manager/CISO.
3 SIEM Tuning & Use-Case Enhancement
Review false positives reported by L1/L2 and fine-tune detection rules to improve accuracy.
Create or modify correlation rules, custom queries, dashboards and reports in the SIEM.
Validate that new log sources are properly ingested, parsed and normalized.
Develop advanced detection use cases based on the latest threats, MITRE ATT&CK, or threat intel.
4 Threat Hunting
Conduct proactive threat hunts for undetected malicious activity.
Use threat intelligence and IOC feeds to search across enterprise data sources.
Document findings, gaps and recommendations from each hunt.
5 Threat Intelligence
Map observed threats to MITRE ATT&CK techniques for correlation.
6 Incident Coordination & Escalation
Act as technical lead during active security incidents.
Coordinate with IT, network and application teams for response activities.
Escalate critical incidents to the SOC Manager or CISO with detailed technical analysis.
Prepare incident summary reports and assist with post-incident reviews.
7 Tool & Technology Optimization
Monitor performance of SIEM, SOAR, EDR/XDR, NDR and the Threat Intel Platform.
Work with engineers to fix log source onboarding issues or agent failures.
8 Reporting & Documentation
Update incident tickets with detailed investigation notes, artifacts and resolution steps.
Maintain the daily investigation tracker or SOC dashboard updates.
Provide incident trend analysis (e.g. top attack types, top sources, affected assets).
Contribute to weekly SOC performance reports.
9 Mentoring & Technical Support to L1/L2 & L3
Guide L2 analysts on investigations and response procedures.
Review and approve incident closure summaries from L2.
Support incident-handling improvements and analyst skill development.
10 SOAR Automation
Test new security tools, scripts or automation to improve SOC efficiency with the help of SOAR.
Regularly review SOC playbooks, SOPs and response templates for improvement.
Required Skills:
Handling P1/P2 critical incidents
Deep-dive incident investigation
Forensic analysis (endpoints, servers, network devices)
Root Cause Analysis (RCA)
Threat hunting
Threat intelligence correlation (MITRE ATT&CK mapping)