Full-Time SOC Level 3 Analyst & Incident Response Lead
BETSOL is hiring a remote Full-Time SOC Level 3 Analyst & Incident Response Lead. The career level for this job opening is Expert, and it accepts Denver, CO-based applicants working remotely. Read the complete job description before applying.
Job Details
We are seeking a highly skilled and experienced Tier 3 SOC Analyst who will also function as the Incident Response Lead. This is a hybrid technical-leadership position focused on managing critical security events, conducting forensic investigations, and continuously enhancing the incident response program.
As a senior member of the SOC, you will be the escalation point for complex and high-impact security incidents, support forensic analysis, lead root cause investigations, and contribute to detection engineering efforts.
Tier 3 SOC Analyst Duties
- Act as the final escalation point for complex security alerts and incidents identified through Azure Sentinel and other security monitoring tools.
- Conduct in-depth digital forensic investigations across endpoints, networks, and cloud infrastructure (Azure, M365, Microsoft Dynamics, etc.).
- Perform malware analysis, reverse engineering, and memory/disk analysis to support incident triage and response.
- Provide expert-level guidance to Tier 1 and Tier 2 SOC analysts; coach and mentor to raise team capabilities.
- Correlate threat intelligence with incident data to understand adversary behavior and campaign objectives.
- Collaborate with SIEM engineers to tune, develop, and optimize detection use cases, particularly for emerging threats.
- Maintain documentation of playbooks, threat scenarios, and incident patterns.
Incident Response Lead Duties
- Lead and coordinate the end-to-end incident response lifecycle, from detection through containment, eradication, and recovery.
- Own and maintain IR documentation including incident tracking, timelines, RCA, and after-action reports.
- Liaise with the CSIRT team and relevant business stakeholders during critical incidents.
- Lead post-incident reviews and facilitate lessons learned workshops, contributing to policy, procedure, and control improvements.
- Drive continuous process improvement across SOC and IR operations, ensuring integration with change and problem management.
- Ensure executive-level incident reporting and briefings are prepared and delivered as needed.