Security Operations Center SOC
Qualifications & Requirements
Experience Level: Senior Level
L3 SOC Analyst - Incident Responder
VySystems is seeking a highly experienced and technically proficient L3 SOC Analyst - Incident Responder for its Bangalore, Karnataka, India location. This role requires 8 to 13 years of experience and an immediate to 15-day notice period. You will lead advanced security investigations, coordinate incident response activities, and enhance the organization's detection and response capabilities. This position demands deep, hands-on expertise in SIEM, SOAR, EDR, and cloud security technologies, coupled with the ability to collaborate effectively with L1/L2 analysts and customer stakeholders. As a senior technical authority within the SOC, you will drive complex investigations, develop advanced detection use cases, refine threat hunting strategies, and ensure alignment with frameworks such as MITRE ATT&CK and NIST.
Key Responsibilities:
- Advanced Monitoring and Incident Response: Lead the investigation, containment, eradication, and recovery of complex security incidents using the NIST Incident Response framework. Manage end-to-end incident response, coordinating with internal and external stakeholders. Perform root cause analysis, forensics, and post-incident reporting. Guide and support L1/L2 SOC Analysts in escalated incident analysis.
- SIEM Operations and Engineering: Utilize multiple SIEM platforms (LogRhythm, Securonix, Azure Sentinel, Splunk, Palo Alto XSIAM). Manage log integration, parsing, normalization, and correlation from diverse data sources (endpoints, network, cloud, applications). Develop and optimize detection use cases based on UEBA, insider threats, and threat intelligence, aligned with MITRE ATT&CK TTPs. Validate and fine-tune correlation rules to reduce false positives.
- Threat Hunting and Threat Intelligence: Conduct proactive threat hunting using SIEM, EDR, IDP, and cloud security platforms (Azure preferred). Leverage threat intelligence feeds to enhance detection logic and enrich incident analysis. Correlate threat indicators with real-time telemetry to identify Advanced Persistent Threats (APTs) and targeted attacks.
- SOAR Automation and Process Improvement: Design, implement, and optimize SOAR playbooks across Splunk SOAR, Securonix SOAR, and Palo Alto XSOAR. Automate routine SOC workflows to improve incident response efficiency and consistency. Collaborate with engineering and architecture teams to enhance SOC tool integration and response orchestration.
- Endpoint and Data Security: Perform advanced endpoint analysis using CrowdStrike Falcon and Microsoft Defender for Endpoint (MDE). Investigate and remediate Data Loss Prevention (DLP) incidents and policy violations. Provide technical guidance on endpoint hardening and data protection strategies.
- Collaboration and Customer Engagement: Serve as a senior point of contact for L1/L2 analysts, mentoring, reviewing cases, and providing technical direction. Drive customer calls, understand client-specific security challenges, and deliver customized solutions. Communicate complex security issues clearly to both technical and non-technical stakeholders. Contribute to continuous SOC process improvement, reporting, and compliance initiatives.
Required Skills and Qualifications:
- Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent hands-on experience.
- 8 to 12 years of experience in Security Operations, Threat Detection, or Incident Response roles.
- Expert knowledge of SIEM tools (LogRhythm, Securonix, Azure Sentinel, Splunk, Palo Alto XSIAM).
- Expert knowledge of SOAR Platforms (Splunk SOAR, Securonix SOAR, Palo Alto XSOAR).
- Expert knowledge of EDR (CrowdStrike, Microsoft Defender for Endpoint).
- Proficiency in DLP Solutions, Email Security Tools, and Cloud Security (Azure preferred).
- Strong understanding of MITRE ATT&CK, NIST Cybersecurity Framework, and the incident response lifecycle.
- Proven experience in building and refining detection use cases (UEBA, insider threats, threat intelligence-based detections).
- Solid knowledge of network protocols, log analysis, and digital forensics.
- Excellent analytical thinking, communication, and leadership skills.
- Willingness to work in a 24/7 rotational shift environment.