Security Operations Center Analyst (L3)

About the role

The Security Operations Center (SOC) Analyst (Level 3) is a subject‑matter expert responsible for leading the investigation, containment, and remediation of advanced security incidents. You will work closely with L1 and L2 analysts, the CSIRT, and IT management to ensure threats are neutralised and lessons are captured.

Key responsibilities

• Manage and respond to escalated security incidents from L1/L2 teams.
• Conduct deep‑dive investigations, root‑cause analysis, and produce technical after‑action reports.
• Validate IOCs, correlate network traffic, host alerts, and forensic data.
• Develop and tune SIEM alerts, filters, dashboards, and monitoring utilities.
• Support threat‑hunting activities and proactive research.
• Coordinate with SIEM engineers to improve event correlation and performance.
• Document lessons learned and contribute to the CSIRT process.

Required profile

• 5+ years of experience in Information Security, System Administration, or Network Engineering.
• 4‑5 years of dedicated security experience, preferably in a SOC environment.
• Strong analytical skills with the ability to handle high‑severity incidents.

Required skills

• Scripting: PowerShell, Bash/Ksh/Sh, Cisco IOS, JunOS, Perl, Tcl, Lua.
• Programming: C, C++, C#, Python, HTML, JavaScript.NET.
• Security tools: Metasploit, vulnerability scanners, Kali Linux, Nmap.
• Experience with SIEM platforms, threat intelligence, and incident response processes.