Senior Security Analyst

Roles & Responsibilities The Senior Security Analyst (L3) is a key member of the Security Operations Center (SOC), responsible for advanced detection engineering, proactive threat hunting, incident response leadership, and mentoring of junior analysts. This role requires strong technical expertise in SIEM, EDR, and SOAR platforms, coupled with a deep understanding of adversary TTPs and the evolving cybersecurity landscape. The incumbent will ensure the organization maintains a robust and adaptive defense posture against sophisticated cyber threats. Key Responsibilities: Design, develop, and deploy high-fidelity detection rules across SIEM platforms such as Splunk, Microsoft Sentinel, IBM QRadar, and Devo. Create custom use cases to detect MITRE ATT&CK aligned TTPs based on real-world threats and red team activities. Conduct detection gap analysis, tune alert mechanisms, and reduce false positives across MSS customer environments. Perform regular tuning and optimization of detection logic and correlation rules to enhance accuracy and reduce noise. Continuously assess and refine detection efficacy based on incident feedback and threat evolution. Collaborate with red/purple teams to validate detection logic and enhance threat-informed defenses. Maintain alignment of detection logic with the latest threat intelligence and industry best practices. Proactively hunt for advanced threats across on-premises and cloud environments using telemetry from SIEM, EDR, and NDR tools. Develop hypotheses for hunting campaigns based on TTPs, intelligence feeds, and incident trends. Use frameworks such as MITRE ATT&CK and the Diamond Model to structure hunting activities. Ingest, analyze, and operationalize threat intelligence from internal, commercial, and open-source sources (OSINT). Collaborate with internal and external intelligence teams to contextualize IOCs and TTPs. Contribute to the threat intelligence lifecycle (collection, analysis, dissemination, feedback). Maintain updated threat intelligence repositories and support continuous improvement of intelligence playbooks. Lead the full incident response lifecycle, including detection, triage, containment, eradication, and recovery. Investigate and analyze incidents escalated by L1/L2 SOC analysts, determining root causes and impact. Conduct forensic investigations on endpoints, logs, and network data to identify indicators of compromise. Coordinate with internal stakeholders and external partners during critical security incidents. Prepare detailed incident and root cause analysis (RCA) reports with remediation and mitigation recommendations. Develop and maintain incident response playbooks, runbooks, and procedures. Mentor and guide L1/L2 SOC analysts in advanced investigations and tool usage. Lead customer meetings to review SOC performance, security posture, and ongoing initiatives. Present key metrics, RCA summaries, and incident reports to customers and management. Participate in tabletop exercises and red/purple team assessments. Act as the primary escalation point for major incidents and client communications. Identify process gaps and drive improvements or automation within SOC operations. Collaborate with cross-functional teams including Engineering, Development, and Compliance to ensure cohesive defense strategies. Essential Qualifications: Minimum of 810 years of experience in SOC or Managed Security Services (MSS) environments. Bachelor's Degree in Computer Science, Cybersecurity, Information Security, or equivalent discipline. Proven hands-on experience with SIEM technologies (Splunk, Microsoft Sentinel, IBM QRadar, Devo). Strong knowledge and experience with EDR/EPP platforms such as CrowdStrike and Microsoft Defender. Experience with SOAR technologies and security automation workflows. Understanding of malware analysis across Windows, Linux, and macOS environments. Exposure to firewall technologies including Cisco, Palo Alto, Checkpoint, and Fortinet. Proficiency in Windows and Linux environments, including Unix-based troubleshooting. Practical experience with ing (Python, PowerShell, or shell ing) for task automation. Knowledge of current cyber threats, vulnerabilities, and attack vectors. Strong team collaboration and leadership abilities, with proven mentoring experience. At least one SANS certification (GCIH preferred). Familiarity with ITIL standards and structured SOC operations. Ability to develop and maintain SOC standard operating procedures and custom threat intelligence feeds (e.g., MISP). Desirable Qualifications: Experience performing vulnerability assessments and reporting findings to business stakeholders. Familiarity with threat hunting techniques and proactive detection strategies. Expertise in network security technologies (IDS/IPS, VPNs). Working knowledge of cloud security platforms (AWS, Azure, Google Cloud). Understanding of compliance frameworks such as GDPR, NIST, and PCI-DSS. Experience in forensics, incident response, and penetration testing. Advanced proficiency in automation and ing for operational efficiency. Strong analytical and troubleshooting skills, particularly during high‐severity incidents. #J-18808-Ljbffr