The SOC L3 Analyst is responsible for leading the Security Operations Center function, managing the L1 and L2 teams, and handling high-severity and complex security incidents. This role combines advanced technical expertise with operational leadership. The L3 ensures incident response quality, SLA adherence, detection improvement, and continuous enhancement of SOC processes.
· Lead investigation of critical and high-impact security incidents
· Act as final escalation point for L2 analysts
· Drive root cause analysis and ensure corrective actions are implemented
· Oversee containment, eradication, and recovery activities
· Conduct post-incident reviews and document lessons learned
· Manage and mentor L1 and L2 SOC analysts
· Conduct shift reviews, quality checks, and case audits
· Ensure SLA adherence and operational discipline
· Plan shift coverage and resource allocation for 24x7 operations
· Identify training needs and skill development plans
· Oversee tuning and optimization of SIEM and detection rules
· Approve new use cases and threat detection strategies
· Drive reduction of false positives and alert fatigue
· Enhance automation and SOAR integrations where applicable
· Hands-on experience with platforms such as Wazuh or Seceon aiSIEM is typically expected.
· Lead threat hunting initiatives
· Integrate threat intelligence into detection workflows
· Map incidents to MITRE ATT&CK techniques
· Identify emerging attack patterns relevant to the organization
**5. Governance, Reporting & Stakeholder Management**
· Prepare executive-level incident summaries and monthly SOC reports
· Present metrics such as MTTD, MTTR, false positive rate, and escalation trends
· Support audits and compliance assessments
· Coordinate with client, infrastructure, cloud, and application teams during major incidents
· Participate in risk review and change advisory discussions
· Advanced log analysis across Windows, Linux, firewall, EDR, and cloud platforms
· Strong understanding of endpoint security tools such as Microsoft Defender for Endpoint and CrowdStrike Falcon
· Experience with threat hunting methodologies
· Knowledge of scripting (PowerShell, Python, Bash) for investigation and automation
· Familiarity with ITSM/ticketing platforms such as ServiceNow or ConnectWise
· 10+ years of experience in SOC / Security Operations
· Minimum 2+ years leading a SOC team
· Bachelor's degree in Computer Science, Information Security, or related field
· Preferred certifications: CISSP, CISM, CEH, GCIA, CySA+
Job Types: Full-time, Permanent
Pay: ₹1,000,000.00 - ₹2,700,000.00 per year
Work Location: In person
SOC Analyst- L3 (SOC Lead)
OculusIT · HR, IN