SOC Analyst Tier 3

Role Overview:

A SOC T3 analyst acts as the final escalation point for critical incidents and advanced threats. They perform deep forensic analysis, threat hunting, and proactive security improvement activities. They are also responsible for developing detection rules and assisting in incident response strategies.

Key Responsibilities:

• Investigate escalated incidents from Tier 2 analysts, including advanced persistent threats (APTs) and zero-day attacks.

• Perform root cause analysis and identify the scope of a breach.

• Conduct proactive threat hunting based on threat intelligence and anomalous patterns in logs.

• Develop hypotheses for undetected threats and test them against logs and telemetry.

• Analyze disk images, memory dumps, and network packet captures to identify malicious activity.

• Use forensic tools (e.g. FTK, Wireshark) for investigations.

• Develop custom detection rules for SIEM and EDR tools to improve detection capabilities.

• Fine-tune existing rules to reduce false positives and improve efficiency.

• Lead major incident response efforts and guide T1 and T2 analysts.

• Prepare detailed reports and executive summaries for stakeholders.

• Work closely with Threat Intelligence and Red Teams to enhance detection capabilities.

• Mentor and train junior analysts on advanced techniques and tools.

Skills and Qualifications:

• Advanced knowledge of SIEM, EDR, forensic tools, and malware analysis.

• Deep understanding of networking (e.g., firewalls, IDS/IPS), operating systems (Windows/Linux), and attack techniques (MITRE ATT&CK).

• Leadership skills to guide junior analysts and manage high-pressure incidents.

• Strong communication skills for translating technical findings into actionable insights.

• 3+ years of experience in cybersecurity, with expertise in SOC operations.

• Certifications (Nice to have): CISSP, GIAC GCIH, GCFA, OSCP, or equivalent.