Job Description
The SOC L3 Analyst is responsible for leading the Security Operations Center function, managing the L1 and L2 teams, and handling high-severity and complex security incidents. This role combines advanced technical expertise with operational leadership. The L3 ensures incident response quality, SLA adherence, detection improvement, and continuous enhancement of SOC processes.
Key Responsibilities:
1. Incident Management & Escalation Oversight
· Lead investigation of critical and high-impact security incidents
· Act as final escalation point for L2 analysts
· Drive root cause analysis and ensure corrective actions are implemented
· Oversee containment, eradication, and recovery activities
· Conduct post-incident reviews and document lessons learned
2. Team Leadership & Shift Governance
· Manage and mentor L1 and L2 SOC analysts
· Conduct shift reviews, quality checks, and case audits
· Ensure SLA adherence and operational discipline
· Plan shift coverage and resource allocation for 24x7 operations
· Identify training needs and skill development plans
3. Detection Engineering & Platform Optimization
· Oversee tuning and optimization of SIEM and detection rules
· Approve new use cases and threat detection strategies
· Drive reduction of false positives and alert fatigue
· Enhance automation and SOAR integrations where applicable
· Hands-on experience with platforms such as Wazuh or Seceon aiSIEM is typically expected
4. Threat Intelligence & Proactive Security
· Lead threat hunting initiatives
· Integrate threat intelligence into detection workflows
· Map incidents to MITRE ATT&CK techniques
· Identify emerging attack patterns relevant to the organization
5. Governance, Reporting & Stakeholder Management
· Prepare executive-level incident summaries and monthly SOC reports
· Present metrics such as MTTD, MTTR, false positive rate, and escalation trends
· Support audits and compliance assessments
· Coordinate with client, infrastructure, cloud, and application teams during major incidents
· Participate in risk review and change advisory discussions
Required Technical Skills:
· Advanced log analysis across Windows, Linux, firewall, EDR, and cloud platforms
· Strong understanding of endpoint security tools such as Microsoft Defender for Endpoint and CrowdStrike Falcon
· Experience with threat hunting methodologies
· Knowledge of scripting (PowerShell, Python, Bash) for investigation and automation
· Familiarity with ITSM/ticketing platforms such as ServiceNow or ConnectWise
Qualifications:
· 10+ years of experience in SOC / Security Operations
· Minimum 2+ years leading a SOC team
· Bachelor’s degree in Computer Science, Information Security, or a related field
· Preferred certifications: CISSP, CISM, CEH, GCIA, CySA+
Job Types: Full-time, Permanent
Pay: ₹1,000,000.00 - ₹2,700,000.00 per year
Benefits:
- Health insurance
- Paid sick time
- Paid time off
- Provident Fund
Application Question(s):
- How many years of team handling experience do you have?
Experience:
- SOC or Cyber Security: 8 years (Required)
Location:
- Gurugram, Haryana (Required)
Shift availability:
Work Location: In person