Senior SOC Analyst

About the role
We are looking for a Senior SOC Analyst to lead advanced security monitoring, investigation, and response across our cloud, endpoint, network, and edge environments. This role sits at the L2/L3 level and plays a critical part in incident escalation, detection engineering, and strengthening our overall security posture. You will also act as a mentor to junior analysts and collaborate closely with security, cloud, and engineering teams.

Key responsibilities

• Perform advanced L2/L3 alert triage and investigations across endpoint, network, cloud, and edge security platforms
• Lead investigations using SIEM tools to validate incidents, reduce noise, and determine impact
• Analyze and respond to edge security events including WAF, DDoS, bot activity, and Zero Trust alerts
• Act as an escalation point for confirmed incidents and support containment and response actions
• Conduct root cause analysis and threat investigations, identifying attacker behavior and scope of impact
• Design, tune, and maintain detection rules and logic across SIEM platforms
• Improve detection coverage by aligning rules with the MITRE ATT&CK framework
• Mentor and guide junior SOC analysts and contribute to skill development across the team
• Help build and maintain investigation playbooks and incident response runbooks
• Collaborate with SOC leadership, Cloud Security, and DevOps teams to improve security controls and visibility

What success looks like

• Security alerts are accurately triaged with reduced false positives and faster response times
• Incidents are thoroughly investigated with clear root cause analysis and actionable remediation
• Detection coverage improves continuously across cloud, endpoint, and edge environments
• Junior analysts demonstrate stronger investigation and escalation capabilities
• Cross-functional teams are supported with clear, timely security insights and recommendations

Requirements

• 5+ years of experience as a SOC Analyst (L2/L3)
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or equivalent experience
• Hands-on experience with SIEM platforms (Splunk, Graylog, or similar)
• Experience performing alert triage, incident investigation, and escalation
• Strong knowledge of networking protocols (TCP/IP, DNS, HTTP/HTTPS, BGP)
• Experience analyzing AWS security logs (CloudTrail, CloudWatch, VPC Flow Logs)
• Experience with container and Kubernetes runtime security (Kubernetes, Amazon EKS)
• Hands-on experience with Cloudflare security tools (WAF, DDoS, Bot Management, Zero Trust)
• Strong understanding of IDS/IPS, firewalls, proxies, and DLP technologies
• Experience conducting root cause analysis and post-incident reviews
• Familiarity with MITRE ATT&CK framework and NIST incident response standards
• Experience developing and tuning SIEM detection rules
• Knowledge of scripting or automation (Python, PowerShell, or Bash)
• Foundational understanding of AI/ML security concepts and LLM-related risks
• Strong analytical, investigation, and incident handling skills
• Ability to communicate technical findings to non-technical stakeholders
• Relevant certifications preferred (GCIA, GCIH, CompTIA CySA+, AWS Security Specialty)