Lead SOC Analyst (L3)

About This Role

Lead SOC Analyst (L3)

Role Overview

We are looking for an experienced L3 SOC Analyst who can take ownership of major incident response efforts. This senior role blends hands‑on expertise with leadership: you’ll guide SOC analysts, steer complex investigations, shape long‑term SOC strategy, and help drive the evolution toward AI‑enhanced security operations.

Key Responsibilities

• Oversee and support day‑to‑day SOC operations at the L3 level, ensuring rapid and accurate handling of advanced threats.
• Act as the Lead Incident Responder , directing major investigations from initial detection through containment, eradication, and recovery.
• Mentor and coach SOC analysts across all tiers, fostering technical growth and operational excellence.
• Identify opportunities to streamline SOC workflows, enhance automation, and improve detection and response capabilities.
• Develop and maintain a forward‑looking SOC roadmap aligned with business needs and emerging threat trends.
• Contribute to the design and implementation of AI‑driven SOC capabilities, enabling intelligent triage, automated response, and next‑generation detection.
• Collaborate with Threat Intelligence, Security Engineering, and DevOps teams to strengthen detection coverage and SOC readiness.
• Produce detailed incident documentation and drive continuous improvement through structured post‑incident reviews.

Required Qualifications

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or equivalent hands‑on experience.
• 6+ years in SOC or security operations roles, including at least 1–2 years in a senior, L3, or leadership capacity.
• Demonstrated experience leading incident response efforts in high‑pressure environments.

Core Competencies

• Advanced incident handling, threat containment, and crisis coordination.
• Strong proficiency with SIEM platforms (Sentinel, Elastic) and EDR tools (Defender, CrowdStrike).
• Experience improving SOC performance through KPIs, coverage metrics, and quality assessments.

Preferred Certifications

• GIAC Incident Handler (GCIH)
• GIAC Intrusion Analyst (GCIA)
• CREST Registered Intrusion Analyst (CRIA)
• GIAC Network Forensic Analyst (GNFA)
• GIAC Certified Forensic Analyst (GCFA)