L3 SOC Analyst

Role Overview:

WHAT YOU WILL DO:

• Incident Response & Technical Escalation
• Act as the final escalation point for complex incidents originating from L1/L2 analysis.
• Lead investigations into high-severity security events, including those impacting AWS, Azure, Kubernetes clusters and hybrid environments.
• Perform advanced forensic analysis across endpoints, cloud workloads, and network telemetry to determine root cause, impact, and remediation actions.
• Correlate telemetry from SIEM, EDR, CSPM, and cloud-native sources to identify sophisticated attack chains.
• Security Automation & SOAR Engineering
• Design, develop, and maintain automated response playbooks within the SOAR platform to improve response efficiency.
• Build and maintain automation scripts (Python, go, etc.) for alert enrichment, evidence collection, and containment.
• Integrate security platforms via APIs to enable streamlined, automated detection and response workflows.
• Identify opportunities to reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) through automation and process optimisation.
• Threat Hunting & Detection Engineering
• Conduct proactive threat hunting across enterprise and cloud environments using intelligence-driven and hypothesis-based methodologies.
• Serve as an SME for cloud security monitoring leveraging tools such as AWS GuardDuty, CloudTrail, CrowdStrike, and Proofpoint.
• Develop and tune SIEM detections, correlation rules, and EDR queries aligned to MITRE ATT&CK tactics and emerging threat intelligence.
• Mentorship & Continuous Improvement
• Provide technical mentoring and guidance to L1/L2 analysts to strengthen SOC capability.
• Maintain and enhance SOC documentation including SOPs, runbooks, and response playbooks.
• Analyse incident trends and operational metrics to recommend improvements in detection coverage, automation effectiveness, and security posture.

WHAT YOU BRING:

• Bachelor’s degree in Computer Science, Cybersecurity, or related discipline (or equivalent industry experience).
• Extensive experience in Security Operations with demonstrable time in a senior analyst, threat hunter, or L3 role.
• Strong hands-on experience in cloud security monitoring and incident response across AWS, Azure, or GCP.
• Proven scripting and automation capability using Python, Go, PowerShell,Bash,etc.
• Practical experience with SOAR platforms (e.g., CrowdStrike Fusion SOAR) and SIEM technologies (e.g., CrowdStrike Falcon, Splunk, QRadar, Microsoft Sentinel).
• Deep understanding of EDR tooling, host/network forensics, and detection engineering practices.
• Strong working knowledge of the MITRE ATT&CK framework and its application in threat detection and hunting.