OcIT – 1d ago

SOC Analyst L3

Gurugram, Haryana
Full Time
Senior Level

Full Job Description

SOC Analyst L3 (Security Operations Analyst L2 & L3) – Summary

We are seeking an experienced SOC Analyst L3 to join our 24x7 Security Operations / Command Center environment in Gurugram, Haryana. This role is critical for advanced incident investigation, escalation management, threat analysis, and overall security operations across our enterprise infrastructure. The successful candidate will be responsible for managing complex security incidents, leading response coordination efforts, and providing expert support to SOC L2 teams in detection, triage, and remediation activities.

Roles & Responsibilities

Security Operations (24x7 SOC Environment)

  • Monitor and respond to security alerts within a 24x7 SOC/Command Center setup.
  • Oversee and execute advanced triage and incident analysis.
  • Ensure timely and effective detection, response, and containment of security threats.

Incident Investigation & L3 Escalation Handling

  • Take ownership of complex and high-severity security incidents escalated from L2.
  • Perform in-depth forensic analysis and identify root causes of security breaches.
  • Coordinate containment, eradication, and recovery actions for security incidents.
  • Collaborate closely with infrastructure, network, and application teams for effective remediation.

SIEM, EDR & Threat Analysis

  • Conduct advanced log analysis and threat detection using SIEM tools including Seceon Open Threat Management, Microsoft Sentinel, and Wazuh.
  • Utilize EDR solutions for detailed endpoint investigation and response.
  • Analyze security events across network, endpoint, identity, and cloud environments.
  • Apply threat intelligence and IOC-based investigation techniques to identify and mitigate threats.

Windows & Infrastructure Security

  • Administer and troubleshoot Windows Server environments, including Active Directory, GPO, DNS, and DHCP.
  • Identify and resolve system-level security issues within enterprise infrastructure.
  • Support investigations related to identity and access management.

Network Security Operations

  • Support firewall rule analysis and security validation processes.
  • Troubleshoot VPN connectivity and configuration issues.
  • Monitor IDS/IPS alerts and investigate suspicious network activities.
  • Collaborate with network teams to ensure swift incident containment.

Threat Hunting & Proactive Security

  • Participate in proactive threat hunting initiatives to identify emerging threats.
  • Identify anomalies across logs, endpoints, and network traffic patterns.
  • Assist in vulnerability remediation and patch coordination efforts.
  • Contribute to the improvement of detection capabilities and overall SOC maturity.

Incident Documentation & Reporting

  • Maintain meticulous records of security incidents, including timelines and investigation reports.
  • Create and update SOC playbooks and standard operating procedures for incident response.
  • Provide clear and structured reporting to stakeholders and leadership.
  • Ensure proper documentation for shift handover to maintain continuity.

Compliance & Security Governance

  • Ensure adherence to established security policies, frameworks, and regulatory standards.
  • Support compliance requirements aligned with NIST and SANS frameworks.
  • Contribute to audit readiness and control validation activities.

Required Skills & Experience

  • A minimum of 7 years of experience in a SOC / Command Center environment, with L2/L3 exposure.
  • Strong hands-on experience in security monitoring and incident response is essential.
  • Expertise in SIEM platforms, with a preference for Seceon-based environments.
  • A solid understanding of Windows Server Administration and Network Security fundamentals.
  • Experience with log analysis, threat detection, and incident response frameworks like NIST and SANS.
  • Excellent analytical, communication, and problem-solving skills are required.
  • Ability to perform effectively under pressure in a 24x7 environment.

Preferred Certifications

  • CompTIA Security+
  • CEH (Certified Ethical Hacker)
  • Microsoft Certified: Security Operations Analyst Associate

Core Competencies

  • Advanced Incident Response & Root Cause Analysis
  • Threat Detection & Security Monitoring
  • SIEM & EDR Expertise
  • Windows & Identity Security
  • Network Security Operations
  • Threat Hunting & Analysis
  • Escalation & Stakeholder Management
  • Documentation & SOC Process Maturity
  • Analytical Thinking & Problem Solving

Company

OcIT

Gurugram, Haryana
Posted on Indeed