Job Description

<p><span style="font-size:12px;">Job Purpose: </span></p> <p><span style="font-size:12px;">The SOC L3 Manager is responsible for managing the Security Operations<br />
Center (SOC) at the highest level. This role involves overseeing daily operations,<br />
managing escalations, and ensuring timely detection, analysis, and response to<br />
cybersecurity incidents. The SOC L3 Manager will provide strategic direction, mentor<br />
SOC analysts, and strengthen the organization's security posture.</span></p> <p><br />
<span style="font-size:12px;">1 Device Integration: 100% integration of in-scope devices with the SIEM, and detection rule configuration for each integrated log source.</span></p> <p><span style="font-size:12px;">2 Incident Investigation & Response</span></p> <p><span style="font-size:12px;">• Ownership of high-severity or complex incidents<br />
(P2/P1) escalated by L2 analysts.<br />
• Deep-dive forensic analysis on endpoints, servers,<br />
and network devices.<br />
• Correlate multiple alerts/logs across SIEM, EDR,<br />
NDR, and firewall to identify attack chains.<br />
• Conduct Root Cause Analysis (RCA) for major<br />
incidents.<br />
• Recommend and oversee containment, eradication,<br />
and recovery actions.<br />
• Document and communicate incident status and<br />
impact to SOC Manager/CISO.</span></p> <p><span style="font-size:12px;">3 SIEM Tuning & Use-Case Enhancement</span></p> <p><span style="font-size:12px;">• Review false positives reported by L1/L2 and fine-<br />
tune detection rules to improve accuracy.<br />
• Create or modify correlation rules, custom queries,<br />
dashboards, and reports in SIEM.<br />
• Validate that new log sources are properly<br />
ingested, parsed, and normalized.<br />
• Develop advanced detection use cases based on<br />
the latest threats, MITRE ATT&CK, or threat intelligence.</span></p> <p><br />
<span style="font-size:12px;">4 Threat Hunting </span></p> <p><span style="font-size:12px;">• Conduct proactive threat hunts for undetected malicious activity.<br />
• Use threat intelligence and IOC feeds to search<br />
across enterprise data sources.<br />
• Document findings, gaps, and recommendations<br />
from each hunt.</span></p> <p><span style="font-size:12px;">5 Threat Intelligence</span></p> <p><span style="font-size:12px;">• Map observed threats to MITRE ATT&CK<br />
techniques to support alert correlation.</span></p> <p><br />
<span style="font-size:12px;">6 Incident Coordination & Escalation</span></p> <p><span style="font-size:12px;">• Act as technical lead during active security<br />
incidents.<br />
• Coordinate with IT, network, and application teams<br />
for response activities.<br />
• Escalate critical incidents to the SOC Manager or<br />
CISO with detailed technical analysis.<br />
• Prepare incident summary reports and assist with<br />
post-incident reviews.</span></p> <p><span style="font-size:12px;">7 Tool & Technology Optimization</span></p> <p><span style="font-size:12px;">• Monitor performance of SIEM, SOAR, EDR/XDR,<br />
NDR, and Threat Intelligence Platform (TIP).<br />
• Work with engineers to fix log source onboarding<br />
issues or agent failures.</span></p> <p><span style="font-size:12px;">8 Reporting & Documentation</span></p> <p><span style="font-size:12px;">• Update incident tickets with detailed investigation<br />
notes, artifacts, and resolution steps.<br />
• Maintain daily investigation tracker or SOC<br />
dashboard updates.<br />
• Provide incident trend analysis (e.g., top attack<br />
types, top sources, affected assets).<br />
• Contribute to weekly SOC performance reports.</span></p> <p><span style="font-size:12px;">9 Mentoring & Technical Support to L1/L2 & L3</span></p> <p><span style="font-size:12px;">• Guide L2 analysts on investigations and response<br />
procedures.<br />
• Review and approve incident closure summaries<br />
from L2.<br />
• Support incident-process improvements and analyst skill<br />
development.</span></p> <p><span style="font-size:12px;">10 SOAR Automation</span></p> <p><span style="font-size:12px;">• Test new security tools, scripts, or automation to<br />
improve SOC efficiency using SOAR.<br />
• Regularly review SOC playbooks, SOPs, and<br />
response templates for improvement.</span></p>
