Summary: The Senior SOC Analyst L3 role involves supporting advanced security monitoring and incident response within a 24x7 Cyber Defense function for an Insurance client. The position requires acting as a technical escalation point for L1/L2 SOC analysts and collaborating with various teams to enhance security operations. The successful candidate will engage in SIEM engineering, threat hunting, and digital forensics to improve cyber defense capabilities. This role is critical for managing complex security incidents and mentoring junior analysts.
Key Responsibilities:
- Lead advanced investigation and response activities for complex cybersecurity incidents.
- Act as an escalation point for L1/L2 SOC analysts and coordinate incident response activities with internal teams and MSSP partners.
- Develop and maintain SIEM detection content, including rules, use cases, log parsers, and log integrations.
- Support SIEM migrations, log onboarding, detection engineering, and security platform improvements.
- Conduct threat hunting activities using threat intelligence and frameworks such as MITRE ATT&CK.
- Investigate endpoint, network, email, cloud, and identity-related security events to determine root cause and impact.
- Maintain and improve SOC playbooks, incident response procedures, and operational documentation.
- Support digital forensics investigations, evidence collection, and root cause analysis.
- Provide technical guidance and mentoring to junior SOC analysts.
- Manage security tooling integrations and support global 24x7 Cyber Defense operations.
- Work scheduled shift patterns as required to support operational coverage across UK and US time zones.
Key Skills:
- Bachelor's degree in Cybersecurity, Computer Science, or related field.
- 8+ years' experience in Security Operations, SOC Engineering, Cyber Defence, or similar cybersecurity technical roles.
- Strong experience with SIEM platforms, including detection engineering, log ingestion, parsing, and use case development.
- Experience with SIEM migrations, log onboarding, detection content creation, and security monitoring improvements.
- Experience working within large-scale enterprise SOC environments or senior technical roles within an MSSP.
- Strong knowledge of incident response, threat intelligence, malware, phishing, vulnerabilities, and attacker tactics, techniques, and procedures.
- Experience with enterprise security technologies including SIEM, EDR/XDR, IDS/IPS, and security analytics platforms.
- Strong understanding of on-premises and cloud-based Windows/Linux environments, Microsoft Azure, and Microsoft 365 security, including the ability to identify indicators of compromise.
- Experience with threat hunting, MITRE ATT&CK, Cyber Kill Chain concepts, and digital forensics.
- Relevant certifications such as CISSP, GCIH, Security+, CySA+, OSCP, CCSP, CEH, or Microsoft SC-200 are desirable.
- Strong analytical and communication skills, with the ability to present complex security findings clearly.
Salary (Rate): undetermined
City: London
Country: UK
Working Arrangements: hybrid
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
Detailed Description From Employer:
Location: London/Hybrid
Rate: Competitive
Duration: Initial 6 months
As part of an Insurance client's 24x7 Cyber Defense function, we are seeking an experienced Senior SOC Analyst L3 to support advanced security monitoring, incident response, threat detection engineering, and continuous improvement of cyber defence capabilities.
The role will act as a technical escalation point for L1/L2 SOC analysts, working closely with Cyber Resilience teams, IT Infrastructure, and Managed Security Service Provider (MSSP) partners to investigate complex security incidents and enhance security operations.
The successful candidate will support SIEM engineering, detection content development, threat hunting, digital forensics, and security tooling improvements across a global enterprise environment.
Key Responsibilities
- Lead advanced investigation and response activities for complex cybersecurity incidents.
- Act as an escalation point for L1/L2 SOC analysts and coordinate incident response activities with internal teams and MSSP partners.
- Develop and maintain SIEM detection content, including rules, use cases, log parsers, and log integrations.
- Support SIEM migrations, log onboarding, detection engineering, and security platform improvements.
- Conduct threat hunting activities using threat intelligence and frameworks such as MITRE ATT&CK.
- Investigate endpoint, network, email, cloud, and identity-related security events to determine root cause and impact.
- Maintain and improve SOC playbooks, incident response procedures, and operational documentation.
- Support digital forensics investigations, evidence collection, and root cause analysis.
- Provide technical guidance and mentoring to junior SOC analysts.
- Manage security tooling integrations and support global 24x7 Cyber Defense operations.
- Work scheduled shift patterns as required to support operational coverage across UK and US time zones.
Qualifications & Experience
- Bachelor's degree in Cybersecurity, Computer Science, or related field.
- 8+ years' experience in Security Operations, SOC Engineering, Cyber Defence, or similar cybersecurity technical roles.
- Strong experience with SIEM platforms, including detection engineering, log ingestion, parsing, and use case development.
- Experience with SIEM migrations, log onboarding, detection content creation, and security monitoring improvements.
- Experience working within large-scale enterprise SOC environments or senior technical roles within an MSSP.
- Strong knowledge of incident response, threat intelligence, malware, phishing, vulnerabilities, and attacker tactics, techniques, and procedures.
- Experience with enterprise security technologies including SIEM, EDR/XDR, IDS/IPS, and security analytics platforms.
- Strong understanding of on-premises and cloud-based Windows/Linux environments, Microsoft Azure, and Microsoft 365 security, including the ability to identify indicators of compromise.
- Experience with threat hunting, MITRE ATT&CK, Cyber Kill Chain concepts, and digital forensics.
- Relevant certifications such as CISSP, GCIH, Security+, CySA+, OSCP, CCSP, CEH, or Microsoft SC-200 are desirable.
- Strong analytical and communication skills, with the ability to present complex security findings clearly.