L3 Engineer (SOC Team Leader)
Responsibilities
- Lead end-to-end incident response activities, from preparation through containment, eradication, recovery, and lessons learned.
- Perform advanced triage across host, network, and cloud environments.
- Lead, monitor, and conduct digital forensic investigations, including memory, disk, registry, Shimcache, Amcache, and browser artifacts.
- Perform quality control (QC) on analysis results and reports produced by security analysts.
- Review threat hunting outcomes and proactively communicate findings, including indicators of compromise (IOCs), behavioral patterns, TTP-based insights, and anomaly-driven detections.
- Design, fine-tune, and propose detection rules (e.g., YARA, Sigma, KQL, SPL, CrowdStrike RTR) aligned with the MITRE ATT&CK framework.
- Provide technical leadership and mentorship to L1/L2 analysts and support decision-making during incident war-room sessions.
Requirements
- Strong experience in incident response, threat hunting, and detection engineering.
- Proven ability to lead under pressure and deliver clear, concise technical and executive-level reports.
- Strong analytical skills with the ability to perform contextual analysis across diverse security logs (e.g., EDR, Sysmon, firewall, AWS/GCP/Azure audit logs).
- Strong threat intelligence and root-cause analysis mindset.
- Bachelor's degree (S1) in a technical field (e.g., Computer Science, Information Security, Engineering).
- Relevant cybersecurity certifications are preferred.
- Minimum of 5 years of experience working in a Security Operations Center (SOC).