Sr. Security Operations Center (SOC) Analyst – Tier 3

Job Title: Sr. Security Operations Center (SOC) Analyst Tier 3

Location: Lawrenceville GA (100% On-site)

Duration: 12 Months Contract

Job Description:

We are seeking an elite Tier 3 SOC Analyst with deep expertise across the Microsoft Security ecosystem to support a highly regulated security-mature enterprise environment. This role is designed for a seasoned security professional capable of leading complex investigations performing advanced threat hunting and mentoring junior analysts. Only candidates with demonstrated hands-on experience in large-scale production Microsoft environments will be considered.

Mandatory Technical Requirements (Non-Negotiable)

• 8 years of cybersecurity/SOC experience including 3 years at Tier 2/3
• 5 years of hands-on experience with:

• Microsoft Defender XDR suite
• Microsoft Sentinel (SIEM/SOAR)
• Microsoft Entra ID (formerly Azure AD)
• On-premises Active Directory
• Microsoft Defender for Identity (MDI)

Proven expertise in:

• Advanced Kusto Query Language (KQL) for detection engineering & threat hunting
• Threat Explorer Advanced Hunting Incident Correlation
• Tenant Block/Allow Lists
• Custom analytics rules & automation playbooks in Sentinel

Advanced Skills Required

• Detection engineering & use-case development
• Threat hunting based on MITRE ATT&CK framework

Deep understanding of:

• Identity-based attacks (Pass-the-Hash Kerberoasting Golden Ticket)
• Endpoint & lateral movement techniques
• Cloud attack vectors in Azure/M365

Experience with:

• SIEM tuning & false positive reduction
• Incident response & digital forensics workflows
• Log source onboarding & normalization
• Security automation & SOAR integrations

Certifications (Required)

At least two of the following:

• GCIA / GCIH / GCED
• SC-200 (Microsoft Security Operations Analyst)
• SC-300 (Identity & Access Administrator)
• CISSP / CISM

Environment Expectations

• Experience supporting large enterprise (10000 users) environments
• Familiarity with hybrid AD / Entra ID identity architectures
• Ability to work in high-pressure 24/7 SOC environments

Soft Skills (Critical)

• Demonstrated leadership in incident handling
• Ability to mentor Tier 1 / Tier 2 analysts
• Strong executive-level communication skills
• Ability to defend technical findings to stakeholders

Nice-to-Have (Highly Valued)

• Purple team / adversary simulation experience
• Malware analysis / reverse engineering exposure
• Experience in regulated industries (Finance Healthcare Government)