L3 SOC Engineer

Your Role

As an L3 SOC Engineer, you will lead advanced cybersecurity investigations while continuously improving detection engineering and threat monitoring capabilities.

You will combine:

• Advanced Incident Response
• Threat Hunting
• Detection Engineering
• SOC Process Improvement

This role is ideal for a senior cybersecurity professional who enjoys both hands-on incident response and improving SOC maturity at scale.

Advanced Incident Response

• Lead investigations of complex and high-severity cybersecurity incidents
• Support and guide L1/L2 analysts during escalations
• Perform forensic investigations and root cause analysis
• Coordinate containment, eradication, and recovery actions with IT and security teams

Threat Hunting & Advanced Analysis

• Conduct proactive threat hunting activities
• Analyze attacker TTPs using frameworks such as MITRE ATT&CK
• Investigate malware, phishing campaigns, and advanced attack patterns
• Leverage threat intelligence and behavioral analytics

Detection Engineering

• Design, develop, and optimize SIEM/EDR/XDR detection use cases
• Improve detection fidelity and reduce false positives
• Translate threat intelligence into actionable detection logic
• Validate detections through simulations, purple teaming, and adversary emulation

SOC Continuous Improvement

• Improve SOC playbooks, automation, and operational processes
• Identify gaps in monitoring and incident response
• Contribute to SOC reporting and maturity initiatives
• Mentor junior analysts and support knowledge sharing

• Strong experience as an L3 Incident Responder
• Advanced hands-on experience with:
• Microsoft Sentinel
• Microsoft Defender XDR
• Splunk
• KQL scripting
• Detection use case development
• Malware analysis
• Threat hunting
• Solid understanding of:
• MITRE ATT&CK
• Purple Teaming
• Vulnerability Management
• ServiceNow
• Stamus
• Experience with:
• Windows Server environments (2016+)
• Linux Red Hat
• Microsoft Azure