SOC L3 & Incident Response SME – CrowdStrike SIEM

Experience: 8 12 Years

Location - Chicago IL (Onsite)

Role Summary

• The SOC L3 & Incident Response SME is responsible for advanced threat detection incident response and SOC operations using CrowdStrike Falcon (SIEM EDR/XDR). This role acts as the final escalation point (L3) for complex security incidents leads investigations drives containment and remediation and continuously improves SOC detection and response capabilities.
• The role requires deep hands on expertise in CrowdStrike SIEM EDR/XDR threat hunting IR playbooks and strong coordination with SOC IT cloud and business stakeholders.

Key Responsibilities

• SOC L3 Operations (CrowdStrike)
• Act as L3 escalation point for complex and high severity security incidents.
• Lead advanced investigations using CrowdStrike Falcon SIEM EDR/XDR and telemetry.
• Perform deep analysis of alerts logs endpoint behavior and attacker TTPs.
• Validate and triage alerts to eliminate false positives and reduce alert fatigue.
• Mentor L1/L2 analysts and provide technical guidance.

Incident Response & Threat Containment

• Lead end to end incident response including:
  • Detection analysis containment eradication and recovery
• Execute response actions using CrowdStrike:
  • Host isolation
  • Process termination
  • IOC blocking
  • Policy enforcement
• Coordinate with IT cloud and application teams during incidents.
• Drive post incident reviews root cause analysis and lessons learned.

Reporting Metrics & Governance

• Provide incident reports executive summaries and RCA documentation.
• Track and report SOC KPIs including:
  • MTTD / MTTR
  • Incident severity trends
  • Detection coverage and effectiveness
• Support audits tabletop exercises and compliance reporting.

Collaboration & Stakeholder Management

• Work closely with:
  • SOC leadership
  • Threat intelligence teams
  • IT Cloud DevOps and IAM teams
• Act as a technical SME during major incidents and crisis management calls.
• Support threat intel sharing and hunting initiatives.

Required Skills & Experience

Core Technical Skills

• Strong hands on experience with CrowdStrike Falcon SIEM and EDR/XDR
• Proven experience in SOC L3 / Incident Response roles
• Deep knowledge of:
• Endpoint network and cloud attack techniques
• MITRE ATT&CK framework
• Malware ransomware and advanced persistent threats
• Strong log analysis and investigation skills.

Security Operations Experience

• SIEM detection engineering and tuning
• Threat hunting and IOC analysis
• Incident response lifecycle and forensics basics
• Experience working in 24x7 SOC environments (rotation/on call)

Certifications (Preferred)

• CrowdStrike certifications
• GCIA / GCIH / GCED / GCIR
• CISSP / Security
• Incident Response or Threat Hunting certifications