Blackford Technologies LLC-SPC

SOC Analyst Level

Sharjah | Full-time | Mid | Competitive | May 7, 2026

Job Description

Overview

Our client is a leading cybersecurity firm establishing a next-generation Security Operations Center (SOC) to deliver world-class monitoring, detection, and incident response capabilities. Built on advanced analytics, automation, and threat intelligence, this SOC serves as a central pillar of enterprise defense across diverse digital environments. We are seeking exceptional security professionals to shape, lead, and evolve this capability into a benchmark for operational excellence and resilience.

Role

The Senior SOC Analyst L3 – DFIR Specialist leads complex security investigations, major incident response, and digital forensic analysis within the Security Operations Center. This senior role is responsible for deep-dive forensic investigations, evidence collection, malware analysis, timeline reconstruction, and providing expert guidance throughout high-severity incidents.

Responsibilities

  • Lead the forensic and incident response capability within a modern, fast-evolving SOC.

  • Work alongside advanced analysts, threat hunters, and engineering teams.

  • Influence detection quality, SOC maturity, and organizational resilience.

  • Access specialist training, certifications, and career advancement opportunities.

  • Act as the primary escalation point for complex or high-severity incidents requiring deep investigation.

  • Lead digital forensics across endpoints, servers, cloud workloads, and identity platforms.

  • Perform memory, disk, and log forensics using industry-standard forensic tools and methodologies.

  • Conduct malware analysis (static and dynamic) to identify behaviors, capabilities, and indicators.

  • Develop forensic timelines and detailed incident reports, including root cause analysis.

  • Support containment and remediation activities, advising SOC Analysts and engineering teams.

  • Collaborate with Detection Engineers to convert forensic findings into engineered detections.

  • Provide expert input during threat hunting activities and purple-team exercises.

  • Maintain evidence handling and chain-of-custody procedures in line with best practices.

  • Mentor L1 and L2 Analysts on investigation techniques, forensics fundamentals, and IR workflows.

  • Contribute to incident response playbooks and continuous improvement of DFIR processes.

Role Requirements

  • 5+ years of experience in incident response, forensics, SOC operations, or cyber investigation roles.

  • Hands-on expertise with forensic tools and DFIR methodologies (e.g., KAPE, Velociraptor, FTK, Autopsy, Volatility).

  • Strong knowledge of attacker techniques, malware behavior, persistence mechanisms, and lateral movement.

  • Proficiency with SIEM (Microsoft Sentinel preferred) and EDR platforms (Defender, CrowdStrike, Carbon Black).

  • Experience performing evidence collection, artefact extraction, and forensic analysis across diverse environments.

  • Strong understanding of MITRE ATT&CK, threat actor behaviors, and incident response lifecycles.

  • Excellent analytical, investigative, and incident reporting skills.

  • Certifications such as GCFA, GCFE, GCIH, CHFI, or equivalent are highly desirable.

  • Technical Skills: Forensic Tools: KAPE, Velociraptor, FTK, Volatility, Autopsy; Platforms: Microsoft Sentinel, Defender, CrowdStrike; Investigations: Malware analysis, artefact extraction, timeline reconstruction; Frameworks: MITRE ATT&CK, NIST IR; Processes: Evidence handling, IR lifecycle, chain of custody, RCA.

Verified Listing

This role has been verified for authenticity, market-rate compensation, and remote eligibility.
