SOC Tier 3 Analyst

ECS Tech Inc, Portland, OR
Onsite

About The Position

The SOC Analyst 3 supports the organization's security operations by leading complex incident analysis, validating advanced investigative findings, coordinating technical response actions, improving detection effectiveness, and mentoring lower-tier analysts. This role is the senior technical analysis and escalation tier within the SOC Analyst role family. The ideal candidate has advanced SOC, incident response, and detection-analysis experience; understands adversary tradecraft and enterprise security architecture; and can coordinate complex technical investigations while partnering with SOC leadership, threat hunting, threat intelligence, forensics, Splunk engineering, security engineering, and program stakeholders.

Requirements

  • 5+ years of experience in SOC operations, incident response, detection engineering support, threat analysis, or advanced cybersecurity operations.
  • Advanced experience using SIEM, EDR, log analysis, case management, and cross-tool correlation to investigate complex security incidents.
  • Strong understanding of adversary tradecraft, MITRE ATT&CK, incident response lifecycle activities, evidence handling, detection logic, and enterprise security architecture.
  • Experience leading complex investigations, validating technical findings, defining response priorities, and coordinating technical response across multiple teams.
  • Experience developing or validating detection requirements, alert logic, analytic coverage, investigation workflows, or response playbooks.
  • Strong written and verbal communication skills, including the ability to brief technical findings and mentor lower-tier analysts.

Responsibilities

  • Lead analysis of complex, high-impact, multi-stage, or ambiguous security incidents across enterprise systems, cloud environments, identity platforms, endpoints, networks, and applications.
  • Validate incident severity, scope, attack path, affected assets, affected accounts, likely root cause, and potential operational or business impact.
  • Review and resolve escalated findings from SOC Analyst 1 and SOC Analyst 2, including disputed severity, inconclusive evidence, or multi-source correlation challenges.
  • Provide technical facts, risk context, and recommended response priorities to SOC leadership for major incident handling and stakeholder communication.
  • Coordinate complex containment, eradication, and recovery support with Security Engineer, Senior Engineer, system owners, incident responders, and other technical teams.
  • Define evidence collection requirements and coordinate handoff to Forensics Lead or Forensics Mid when formal acquisition, preservation, chain of custody, or deep forensic analysis is required.
  • Guide investigation strategy, timeline development, technical response sequencing, and escalation decisions for complex incidents.
  • Maintain alignment with approved incident response plans, playbooks, evidence-handling expectations, and leadership direction.
  • Analyze adversary behaviors, attack patterns, vulnerabilities, threat intelligence, control gaps, and recurring incident trends to improve detection and response effectiveness.
  • Define analytic requirements and validate correlation rules, alert logic, dashboards, use cases, and response playbooks for operational effectiveness.
  • Map complex observed behaviors to MITRE ATT&CK and other applicable threat models to support analytic improvement and stakeholder reporting.
  • Coordinate with SOC Threat Hunter to convert hunt findings into operational detections and with Senior Splunk Engineer or Splunk Architect/Lead for technical implementation.
  • Prepare or review complex incident summaries, technical timelines, investigation narratives, after-action inputs, and lessons-learned content.
  • Communicate complex technical findings in clear operational, business, and risk language for SOC leadership, program stakeholders, and technical teams.
  • Provide technical input to SOC Technical Writer for SOPs, playbooks, knowledge articles, and formal documentation products.
  • Mentor SOC Analyst 1 and SOC Analyst 2 personnel through escalation review, coaching, analytic guidance, and quality feedback.
  • Lead or support detection reviews, tabletop exercises, incident retrospectives, process assessments, and quality improvement activities.
  • Identify recurring gaps in telemetry, tools, controls, workflows, documentation, or analyst training and coordinate corrective action requirements with the appropriate owner.
  • Stay current with evolving cyber threats, vulnerabilities, adversary tradecraft, detection techniques, and security operations best practices.
  • Translate lessons learned and threat developments into improved detections, procedures, escalation criteria, and analyst enablement materials.
© 2026 Teal Labs, Inc