Role: SOC L3 Analyst Location: Reading Duration: 6 Months Seeking a highly experienced SOC L3 Analyst to strengthen our Security Operations Center. As a Tier 3 CERT Analyst, Candidate will lead the investigation and remediation of advanced cyber threats, leveraging cutting-edge tools such as Splunk, Microsoft Sentinel, CrowdStrike, and Defender and other security stacks. Candidate will handle complex incidents like APTs, malware, and data breaches, ensuring swift, effective responses to minimize risk to the organization and its clients. The ideal candidate will have advanced expertise in monitoring, analyzing, and mitigating cybersecurity threats, as well as managing security tools and mentoring junior analysts. This role involves proactive threat hunting, incident response, and collaboration with cross-functional teams to enhance the organization s security posture. 1.Incident Detection and Response: Lead investigations and remediation of complex security incidents, including malware infections, data breaches, and advanced persistent threats (APTs). Utilize advanced SIEM (Security Information and Event Management) tools, threat intelligence platforms, and other security technologies to analyze and correlate security alerts. Take ownership of Tier 3-level escalations from Tier 1 and Tier 2 analysts and guide them through complex incident response procedures. 2.Threat Hunting & Analysis: Proactively search for threats across the environment using behavioral analysis and threat intelligence data. Analyze data from logs, network traffic, endpoint activities, and threat intelligence feeds to detect unusual or malicious activity. Collaborate with other security teams to uncover hidden threats and vulnerabilities. 3.Incident Forensics: Perform in-depth forensic analysis to determine the scope, impact, and root cause of security incidents. Collect, preserve, and analyze evidence related to breaches, intrusions, or malware infections while adhering to legal and regulatory requirements. Prepare reports and documentation that detail the findings, impact assessments, and remediation efforts. 4.Remediation and Recovery: Provide guidance on incident containment, eradication, and recovery processes. Work closely with IT teams to implement remediation steps and ensure that compromised systems are properly cleaned and restored. Collaborate with threat intelligence teams to identify indicators of compromise (IOCs) and ensure proper actions are taken to block further attacks. 5.Collaboration & Knowledge Sharing: Work with internal stakeholders (e.g., IT, network security, DevOps) to improve overall organizational security posture. Share knowledge, techniques, and findings with Tier 1 and Tier 2 teams to improve detection and response capabilities. Participate in post-incident reviews and recommend improvements to processes, tools, and techniques. 6.Security Intelligence & Research: Stay up-to-date with the latest cybersecurity trends, vulnerabilities, and attack techniques. Contribute to the enhancement of threat intelligence by sharing research findings on emerging threats. Develop and maintain custom detection signatures or playbooks to enhance detection and response capabilities. 7.Reporting & Documentation: Create detailed incident reports, including technical analysis and recommendations for mitigation. Present findings to management and external stakeholders, such as clients or regulatory bodies, when necessary. Ensure proper documentation of incident response workflows, timelines, and action items for continuous improvement. 8.Compliance and Risk Management: Ensure all incident response activities align with industry standards, regulations, and best practices (e.g., NIST, ISO 27001, GDPR, HIPAA). Work with legal and compliance teams to manage incidents within the scope of data privacy laws and regulations.. Experience: Minimum of [6-8] years of experience in cybersecurity, with incident response, digital forensics, or threat hunting. Strong experience in handling complex cyber incidents (e.g., APTs, ransomware, data breaches). Hands-on experience with SIEM platforms (e.g., Splunk, ArcSight, LogRhythm) and endpoint detection/response (EDR) tools. Technical Skills: Proficient in incident response tools and techniques, including network and system forensics, malware analysis, and memory analysis. Expertise in analyzing and responding to threats on different platforms (Windows, Linux, cloud environments, etc.). Familiarity with scripting languages (Python, PowerShell, etc.) to automate tasks or create custom detection methods. Certifications (Preferred ): Certified Information Systems Security Professional (CISSP) Certified Incident Handler (GCIH, EC-Council) Certified Forensic Computer Examiner (CFCE) GIAC Certified Forensic Analyst (GCFA) GIAC Certified Intrusion Analyst (GCIA) ADZN1_UKTJ