Recruit Myself
Salla

Senior SOC Analyst

Jeddah | Full-time | Senior | Competitive | May 7, 2026
Job Description

About the role

We are looking for a Senior SOC Analyst to lead advanced security monitoring, investigation, and response across our cloud, endpoint, network, and edge environments. This role sits at the L2/L3 level and plays a critical part in incident escalation, detection engineering, and strengthening our overall security posture. You will also act as a mentor to junior analysts and collaborate closely with security, cloud, and engineering teams.

Key responsibilities

  • Perform advanced L2/L3 alert triage and investigations across endpoint, network, cloud, and edge security platforms

  • Lead investigations using SIEM tools to validate incidents, reduce noise, and determine impact

  • Analyze and respond to edge security events including WAF, DDoS, bot activity, and Zero Trust alerts

  • Act as an escalation point for confirmed incidents and support containment and response actions

  • Conduct root cause analysis and threat investigations, identifying attacker behavior and scope of impact

  • Design, tune, and maintain detection rules and logic across SIEM platforms

  • Improve detection coverage by aligning rules with the MITRE ATT&CK framework

  • Mentor and guide junior SOC analysts and contribute to skill development across the team

  • Help build and maintain investigation playbooks and incident response runbooks

  • Collaborate with SOC leadership, Cloud Security, and DevOps teams to improve security controls and visibility

What success looks like

  • Security alerts are accurately triaged with reduced false positives and faster response times

  • Incidents are thoroughly investigated with clear root cause analysis and actionable remediation

  • Detection coverage improves continuously across cloud, endpoint, and edge environments

  • Junior analysts demonstrate stronger investigation and escalation capabilities

  • Cross-functional teams are supported with clear, timely security insights and recommendations

Qualifications

  • 5+ years of experience as a SOC Analyst (L2/L3)

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or equivalent experience

  • Hands-on experience with SIEM platforms (Splunk, Graylog, or similar)

  • Experience performing alert triage, incident investigation, and escalation

  • Strong knowledge of networking protocols (TCP/IP, DNS, HTTP/HTTPS, BGP)

  • Experience analyzing AWS security logs (CloudTrail, CloudWatch, VPC Flow Logs)

  • Experience with container and Kubernetes runtime security (Kubernetes, Amazon EKS)

  • Hands-on experience with Cloudflare security tools (WAF, DDoS, Bot Management, Zero Trust)

  • Strong understanding of IDS/IPS, firewalls, proxies, and DLP technologies

  • Experience conducting root cause analysis and post-incident reviews

  • Familiarity with MITRE ATT&CK framework and NIST incident response standards

  • Experience developing and tuning SIEM detection rules

  • Knowledge of scripting or automation (Python, PowerShell, or Bash)

  • Foundational understanding of AI/ML security concepts and LLM-related risks

  • Strong analytical, investigation, and incident handling skills

  • Ability to communicate technical findings to non-technical stakeholders

  • Relevant certifications preferred (GCIA, GCIH, CompTIA CySA+, AWS Security Specialty)

Verified Listing

This role has been verified for authenticity, market-rate compensation, and remote eligibility.
