
Job Title:

SOC L3 Security Analyst

Company: Incedo Inc.

Location: Gurugram, Uttar Pradesh

Created: 2026-01-21

Job Type: Full Time

Job Description:

Position Overview

We are seeking a highly experienced Senior SOC Analyst / SIEM-SOAR Engineer with 9–10 years of proven expertise in designing, implementing, and optimizing enterprise and multi-tenant SOC environments using industry-leading SIEM and SOAR technologies such as Microsoft Sentinel, Fortinet SIEM/SOAR, IBM QRadar, Cortex XSOAR, and XDR tools. The role demands deep technical and architectural understanding of security telemetry ingestion, parsing, and normalization, as well as hands-on proficiency in building complex correlation rules, engineering use cases, and automating incident response workflows. The ideal candidate will be adept in threat hunting, leveraging frameworks like MITRE ATT&CK, Cyber Kill Chain, and the Diamond Model to proactively identify and contain advanced threats. They should possess a strong foundation in network and endpoint visibility, UBA/EUBA tuning, and cloud-native integrations across Azure and AWS to ensure contextual and comprehensive monitoring coverage. The role also requires the ability to architect scalable SIEM and SOAR solutions for MSSP and large enterprise clients, develop automated playbooks for containment and enrichment, and continuously optimize detections to reduce noise and false positives. A blend of engineering rigor, analytical thinking, and threat intelligence awareness is essential, along with the ability to clearly communicate technical insights and defense strategies to both clients and internal stakeholders. This is a hands-on technical position designed for professionals who can bridge the gap between detection engineering, threat response, and platform automation while continuously advancing the SOC's maturity and resilience posture.

The Senior Security Analyst will work closely with incident response, threat intelligence, and engineering teams to ensure a robust security posture across the enterprise.

Why Incedo

Incedo is a US-based consulting, data science and technology services firm with over 4,000 people helping clients from our six offices across the US and India. We help our clients achieve competitive advantage through end-to-end digital transformation. Our uniqueness lies in bringing together strong engineering, data science, and design capabilities coupled with deep domain understanding. We combine services and products to maximize business impact for our clients in telecom, financial services, product engineering, and life science & healthcare industries.

Working at Incedo will provide you an opportunity to work with industry-leading client organizations, deep technology and domain experts, and global teams. Incedo University, our learning platform, provides ample learning opportunities starting with a structured onboarding program and carrying throughout various stages of your career. A variety of fun activities is also an integral part of our friendly work environment. Our flexible career paths allow you to grow into a program manager, a technical architect or a domain expert based on your skills and interests.

Key Responsibilities

1. SIEM Architecture, Engineering & Optimization
- Architect, design, and deploy enterprise-grade and multi-tenant SIEM environments ensuring scalability, data segregation, and regulatory compliance.
- Engineer high-performance data ingestion pipelines, including log collection, parsing, normalization, and enrichment across hybrid infrastructure (on-prem, cloud, and OT).
- Build custom parsers, field extractions, and normalization logic (e.g., via regex, Grok, or Kusto queries) for complex or proprietary log sources.
- Implement data onboarding frameworks with well-defined validation, QA, and error-handling workflows to ensure minimal service disruption.
- Develop complex correlation rules, detection content, and dynamic risk scoring models to surface true positives efficiently.
- Integrate contextual threat intelligence feeds into the SIEM for enriched alerting and prioritization.
- Maintain data retention and indexing strategies ensuring optimal performance and cost efficiency.
- Perform regular SIEM health checks, performance tuning, and upgrade planning to sustain operational reliability.

2. SOAR Automation & Incident Response Integration
- Architect and operationalize SOAR platforms to automate triage, enrichment, containment, and notification workflows.
- Build dynamic, modular playbooks integrating with EDR, threat intel, firewalls, IAM, and ticketing systems.
- Engineer adaptive automation logic (Python/REST API-based integrations) to improve response times and reduce analyst fatigue.
- Standardize IR playbooks aligned to the MITRE ATT&CK and NIST 800-61 frameworks.
- Implement automated incident evidence collection and post-incident documentation within the SOAR for audit readiness.

3. Threat Hunting & Advanced Detection
- Lead hypothesis-driven and data-driven threat hunting leveraging behavioral analytics, anomaly detection, and threat intel context.
- Use MITRE ATT&CK, Cyber Kill Chain, and the Diamond Model of Intrusion Analysis to craft advanced hunt strategies.
- Conduct adversary emulation (Atomic Red Team, Caldera, Infection Monkey, etc.) to validate detection efficacy.
- Identify gaps in visibility and coverage, then translate findings into new or refined SIEM use cases.
- Collaborate with data science teams (if available) to integrate machine learning-based behavioural detection (EUBA/UBA models).
- Produce Hunt Reports and Detection Maturity Metrics (e.g., dwell time reduction, detection fidelity index).

4. Use Case Engineering & Continuous Tuning
- Design use cases aligned with the client environment, business criticality, and threat landscape.
- Conduct baseline behaviour profiling to tune threshold-based detections.
- Utilize UBA/EUBA models for continuous behavioural tuning and false positive reduction.
- Maintain a use case repository with a defined lifecycle: concept, design, implementation, tuning, and deprecation.
- Periodically review and recalibrate detections against emerging attack techniques and client network evolution.

5. Log Source Integration & Visibility Engineering
- Onboard diverse log sources (network, endpoint, cloud, identity, application, and OT).
- Deep knowledge of log schema, event taxonomy, and protocol-level visibility (e.g., Syslog, NetFlow, Windows Eventing, API logs).
- Ensure log integrity and normalization to enable consistent analytics across clients.
- Map log source coverage to ATT&CK techniques, identifying gaps and suggesting enrichment sources.
- Engineer custom connectors and log forwarders when vendor integrations are unavailable.

6. Threat Intelligence & Contextualization
- Operationalize threat intelligence feeds, integrating IOCs, YARA, and STIX/TAXII sources.
- Correlate real-time telemetry with threat intel to identify targeted campaigns and attacker TTP patterns.
- Conduct threat modelling to align detection coverage to specific adversary clusters relevant to client verticals.

7. SOC Maturity & Continuous Improvement
- Define and maintain SOC engineering KPIs: detection latency, false positive ratio, use case effectiveness, and hunt coverage.
- Collaborate with platform engineering teams for pipeline reliability, ingestion scaling, and indexing optimization.
- Mentor Tier 2 analysts on advanced investigation workflows, threat hunting methodology, and automation capabilities.
- Participate in tabletop exercises, red-blue simulations, and SOC process enhancements.

8. Communication, Collaboration & Client Advisory
- Demonstrate strong client-facing capability: articulate the "How" and "Why" behind each analysis, detection, and recommendation.
- Conduct client briefings on threat trends, posture improvement, and use case evolution.
- Collaborate cross-functionally with SOC, Incident Response, Threat Intel, and Engineering teams to deliver cohesive defence strategies.
