We are seeking an experienced SOC Consultant (L3) – Technical Lead to serve as the onsite security expert, responsible for leading advanced incident response operations and driving SIEM and threat detection capabilities within a dynamic Security Operations Center (SOC) environment.
Role Overview:
The role involves end-to-end security incident management, SIEM operations, and coordination with internal SOC teams, vendors, and stakeholders to ensure timely detection, response, and resolution of security incidents. The position also focuses on strengthening detection capabilities through rule tuning, log analysis, and continuous improvement initiatives.
Key Responsibilities:
- Lead incident response lifecycle from detection to containment, eradication, and recovery
- Manage and support SIEM operations, including log onboarding, configuration, and tuning
- Perform security event analysis and investigation across Windows and Unix systems
- Review incident response reports and ensure accuracy before escalation
- Collaborate with SOC teams and stakeholders for effective incident handling
- Maintain detailed documentation and reporting dashboards
- Drive continuous improvement through threat analysis and lessons learned
Required Skills & Experience:
- 8+ years of experience in SOC operations, Information Security, or Security Administration
- Strong hands-on experience with SIEM platforms (Splunk SIEM, Azure Sentinel preferred)
- Experience with Network Detection and Response (NDR), preferably Vectra NDR
- Strong knowledge of incident response lifecycle and security event triage
- Solid understanding of networking, OSI model, protocols, and ports
- Experience in analyzing Windows and Unix logs
- Ability to work in high-pressure, shift-based SOC environments
Education:
Bachelor's or Master's degree in Computer Science, Information Security, Engineering, or related field.
