L3 SOC Analyst / Incident Response Analyst

1 month, 1 week ago
Full-time
Senior
Cybersecurity
ProArch

ProArch

At ProArch, we help our clients accelerate growth and mitigate risk with IT services, cybersecurity services, application development, cloud computing, and data analytics. ProArch was founded on the belief that a future where change is ‘business as usu...

Internet Software & Services
251-1K
Founded 2006

Description

  • Lead and support advanced security incident investigations across multiple customer environments.
  • Perform threat triage, IOC analysis, threat correlation, endpoint and identity investigations, email security investigations, and cloud security incident analysis.
  • Investigate and respond to account compromise, BEC, malware, ransomware, privilege escalation, lateral movement, phishing, and social engineering incidents.
  • Coordinate containment, remediation, and recovery activities with customer and internal teams.
  • Provide detailed investigation findings, timelines, impact assessments, and response recommendations.
  • Conduct proactive threat hunting and threat validation activities.
  • Support digital forensics and evidence collection activities when needed.
  • Design, develop, tune, and maintain detection rules, analytics rules, KQL queries, and correlation logic in Microsoft Sentinel and Microsoft Defender XDR.
  • Build and optimize SOC automation workflows using Sentinel playbooks, Logic Apps, SOAR platforms, and API-driven integrations.
  • Maintain investigation playbooks, SOPs, workflow documentation, operational runbooks, and detection documentation while collaborating with SOC, engineering, vendors, and customer stakeholders.

Requirements

  • Bachelor’s degree or graduation in Computer Science, Information Technology, Cybersecurity, or a related technical field is mandatory.
  • 6-9 years of overall cybersecurity experience.
  • Strong hands-on experience in incident response, threat investigation, SOC operations, detection engineering, and DFIR activities.
  • Prior Incident Response Analyst experience is highly preferred.
  • Experience working within MSSP environments is preferred.
  • Experience supporting or collaborating with US-based teams and vendors is preferred.
  • Proven hands-on experience with SOAR platforms in enterprise or MSSP environments.
  • Strong experience designing and implementing SOC automation workflows from scratch.
  • Hands-on experience with Microsoft Sentinel and Defender XDR SIEM operations is mandatory.
  • Strong hands-on experience with Microsoft security platforms including MDE, Defender XDR, MDI, MDO, MDCA, Microsoft Purview, Entra ID / Microsoft Identity Protection, and CrowdStrike Falcon.
  • Strong experience creating detection rules, analytics rules, KQL queries, and tuning detections.
  • Experience with SOC workflow design, SOAR engineering, API integrations, and workflow orchestration.
  • Understanding of MITRE ATT&CK, threat detection methodologies, threat hunting methodologies, and AI-driven attack techniques.
  • Preferred experience with PowerShell, Python, REST APIs, and Logic Apps.
  • KQL is mandatory.
  • Preferred certifications include Microsoft SC-200, SC-401, AZ-500, SC-900, SC-100, CISSP, and SOAR or security automation certifications.
  • Strong verbal and written communication skills and the ability to work across technical and non-technical teams.
  • Ability to work independently in a remote-first, multicultural, fast-paced MSSP environment.
  • Rotational shift availability for US business hours or after hours, with on-call escalation participation when required.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

German Speaking Fraud Investigator | Relocate to Sofia, Bulgaria

Mercier Consultancy Professional Services

German-speaking Fraud Investigator role in Sofia, Bulgaria, supporting an international team to review suspicious activity, investigate potential fraud, and protect customers and businesses from financial risk.

19 hours, 43 minutes ago

Security Controls Assessor (SCA) - Journeyman

Avint 11-50 IT Services

Avint is hiring a Journeyman Security Controls Assessor to support a critical federal contract by performing security assessments and compliance validation across organizational information systems within the RMF and A&A lifecycle.

AWS Azure Cybersecurity GCP Penetration Testing
19 hours, 43 minutes ago

Surveillance Officer

Prevail Partners 11-50 Professional Services

Prevail Partners is seeking experienced Surveillance Officers to support an Ultra High Net Worth client through discreet protective surveillance operations within a specialist security programme.

20 hours, 13 minutes ago

RMF Process Specialist (R-00181)

True Zero Technologies 11-50 Internet Software & Services

True Zero Technologies is seeking an RMF Process Specialist to support the development, documentation, standardization, and governance of Risk Management Framework processes across the organization.

Cybersecurity Git
20 hours, 13 minutes ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers