Security Operations Center Tier 3 Analyst

5+ years of experience in a SOC, incident response, or advanced cybersecurity role
Experience in digital forensics, malware analysis, and threat intelligence
Experience in scripting and automation such as Python, PowerShell, or Bash, to improve detection and response
Experience operating within globally distributed teams, accommodating multiple time zones and operational requirements
Knowledge of attack frameworks, including MITRE ATT&CK and Cyber Kill Chain, advanced adversary tactics, and security tools, including SIEM such as Elastic, QRadar, Sentinel, EDR such as CrowdStrike or Microsoft Defender, and IDS/IPS
Ability to work under pressure, prioritize, and respond to security incidents in a fast-paced environment
Ability to work in a 24/7 shift-based environment as needed
Ability to obtain a Secret clearance
Bachelor’s degree in Cybersecurity or IT
IAT II or IAM III Certification

Lead the investigation, containment, and remediation of high-severity security incidents.
Conduct deep-dive forensic analysis on compromised systems, malware, and network traffic.
Perform proactive threat-hunting activities using SIEM, EDR, and other security tools.
Collaborate closely with global IT, DevOps, and infrastructure teams to enhance system integrations and data flows within Elastic Stack.
Develop advanced detection rules, correlation logic, and automation for threat detection and response.
Act as a subject matter expert (SME) for security incidents, tools, and methodologies.
Work closely with threat intelligence teams to analyze adversary tactics, techniques, and procedures (TTPs).
Conduct and participate in purple teaming exercises to test and improve security controls.
Create and refine SOC playbooks, incident response procedures, and security policies.
Mentor and train Tier 1 and Tier 2 analysts, enhancing their technical capabilities.
Collaborate with IT, compliance, and risk teams to ensure alignment with security frameworks such as MITRE ATT&CK, NIST, or ISO 27001.