Desired Competencies (Technical/Behavioral Competency)
Technical Competencies
1. Ability to independently handle L3-level escalations in a 24x7 SOC environment
2. Strong capability to validate escalations from SOC L1 and L2 teams, perform root cause analysis and impact assessment, and support containment and remediation actions
3. Expertise in SIEM- and EDR-driven investigations
4. Ability to distinguish true positives from false positives and reduce alert noise
5. Experience supporting threat hunting and proactive detection activities
6. Strong understanding of endpoint, network, cloud, and application security threats
7. SIEM: Splunk Enterprise Security (or equivalent enterprise SIEM)
8. EDR: CrowdStrike Falcon (or equivalent EDR platforms)
9. Security monitoring tools across: Endpoints, Network, Servers, Cloud environments
10. Threat intelligence and investigation platforms
11. Incident tracking, case management, and reporting tools
Responsibility of / Expectations from the Role
1. Act as the L3 escalation point within a 24x7 shift-based SOC model
2. Validate and support escalations from SOC L1 and L2 analysts
3. Coordinate with incident response, DFIR, and threat intelligence teams
4. Support proactive threat hunting and detection improvement initiatives
5. Provide technical guidance and mentorship to SOC team members across shifts
6. Prepare detailed incident reports, investigation findings, and management summaries
7. Participate in rotational shifts, on-call support, and incident bridges as required