
Senior Security Analyst (L3) - Threat Lead (RARR Job 6257)

For Cybersecurity Consulting And Information Security Services
5 - 10 Years
Full Time
Up to 30 Days
Up to 18 LPA
3 Position(s)
New Delhi
Posted 19 Days Ago

Job Description

We are seeking an experienced Senior Security Analyst (L3) / SOC Lead to join our Security Operations Center (SOC). The ideal candidate will be responsible for leading advanced threat detection, incident response, threat hunting, and detection engineering activities across enterprise security platforms. This role requires deep expertise in cyber threat analysis, digital forensics, incident investigation, security monitoring technologies, and SOC operations, along with the ability to mentor junior analysts and drive continuous improvement of security monitoring capabilities.

Key Responsibilities

• Act as the highest technical escalation point for L1 and L2 SOC analysts, leading the investigation and resolution of complex security incidents, advanced persistent threats (APTs), and sophisticated multi-stage attack campaigns.

• Conduct proactive threat hunting activities using industry-standard methodologies and frameworks such as MITRE ATT&CK to identify adversary tactics, techniques, and procedures (TTPs), uncover hidden threats, and improve detection coverage.

• Lead end-to-end incident response activities, including threat analysis, evidence preservation, forensic artifact collection, timeline reconstruction, malware triage, root cause analysis, containment, eradication, recovery recommendations, and executive-level incident reporting.

• Perform digital forensic investigations involving memory, disk, network, and endpoint artifacts to support incident response and threat attribution efforts.

• Own the detection engineering lifecycle by designing, testing, tuning, optimizing, and maintaining detection content across SIEM, SOAR, UEBA, NDR, Deception, and Attack Surface Management (ASM) platforms.

• Develop advanced correlation rules, behavioral analytics models, threat detection use cases, anomaly detection policies, and automated response workflows to enhance SOC effectiveness.

• Design, develop, and maintain SOAR playbooks, orchestration workflows, and automated enrichment and response mechanisms to improve incident handling efficiency.

• Configure and manage deception technologies, including honeypots, honeytokens, and other deception mechanisms, to support threat detection, adversary engagement, and intelligence collection.

• Collaborate with internal security teams and external stakeholders to strengthen threat intelligence capabilities, improve incident response processes, and enhance organizational cyber resilience.

• Prepare and present threat intelligence reports, incident summaries, risk assessments, and executive briefings for leadership and key stakeholders.

• Mentor and guide L1 and L2 analysts through technical coaching, case reviews, threat-hunting exercises, tabletop simulations, and knowledge-sharing initiatives.

Required Qualifications

• Bachelor's or Master's degree in Computer Science, Information Security, Cybersecurity, or a related field.

• Minimum 7 years of experience in Security Operations Center (SOC), Cyber Defense, Threat Hunting, Incident Response, or CSIRT environments, including at least 2 years in an L3 Analyst, Senior Security Analyst, or SOC Lead role.

• Expert knowledge of threat hunting methodologies, incident response processes, digital forensics, malware analysis, and threat intelligence operations.

• Strong hands-on experience with SIEM platforms such as Splunk, IBM QRadar, Microsoft Sentinel, ArcSight, or LogRhythm.

• Experience working with SOAR, UEBA, NDR, EDR, Threat Intelligence, and Deception technologies within enterprise SOC environments.

• Strong understanding of the MITRE ATT&CK Framework, Cyber Kill Chain, threat actor behaviors, and modern attack techniques.

• Proven experience developing detection content, correlation rules, automation workflows, and advanced monitoring use cases.

• Experience leading complex incident investigations involving forensic analysis, malware triage, intrusion analysis, and threat containment activities.

Mandatory Certifications (at least one)

• GCIH (GIAC Certified Incident Handler)
• GCFA (GIAC Certified Forensic Analyst)
• GREM (GIAC Reverse Engineering Malware)
• OSCP (Offensive Security Certified Professional)
• CISM (Certified Information Security Manager)
• CREST Certifications
• SANS GIAC Certifications

Preferred Skills

• Threat Hunting
• Incident Response & Digital Forensics
• Malware Analysis
• Detection Engineering
• Threat Intelligence
• SIEM / SOAR Administration
• UEBA & NDR Technologies
• MITRE ATT&CK Framework
• Security Automation & Orchestration
• Purple Teaming
• SOC Leadership & Mentoring