Senior SOC Analyst Level 3

Job Description

What will your essential responsibilities include

- Take full ownership of incidents escalated by Level 2 analysts.
- Conduct complex investigations and provide advice to L2 SOC analysts.
- Develop customized scripts and procedures to automate repetitive tasks and improve the efficiency of incident response activities.
- Provide expert advice on incident remediation and recovery efforts.
- Develop threat remediation strategies.
- Perform proactive analysis of AXA XLs attack surface and advice on potential threats and attack vectors.
- Review and provide feedback on security control capability gaps based on security intrusion trends.
- Create and refine runbooks/playbooks for all alerts.
- On-board log sources and work on log issues.
- Fine-tune EDR and other tooling to exclude noise and false positives.
- Create and fine-tune content in SIEM - correlation rules, Dashboard and Reports.
- Interact with SIEM, EDR and other SOC tooling vendors (TAC Support) to remediate any issues with tooling.
- Monitor API threat detection, reporting and containments.
- Demonstrate experience in conducting digital forensics investigations relating to incident detection and response.
- Responsible for making decisions and identifying required actions. During high-severity security incidents, you will advise the AXA XL Head of SOC, CISO and CSO on appropriate containment, eradication, and remediation measures.
- Provide an after-hours point of escalation for critical incidents.
- Define the operational roadmap and key metrics for incident detection and response.
- Collaborate with internal stakeholders to align on and implement security incident detection and response processes.
- Develop SOC security incident policies and investigation procedures, for use across multiple information systems and teams.
- Conduct compliance monitoring and perform SOC/SIEM security control testing.
- Analyze, define, and manage the delivery of new SIEM rules.
- Conduct use case testing and modify or create as and when required.
- Create new custom detection rules using KQL.
- Design and implement SIEM and EDR enhancements and configurations.
- Manage and represent the Security Operations team on ethical hack exercises. You will report to the Head of SOC.

Required Skills and Abilities:

- Good knowledge of Microsoft Defender and Microsoft Sentinel, including developing complex KQL queries.
- Experience in performing digital forensics investigations.
- Experience in developing scripts (Python, Powershell, etc.) quickly in reaction to incidents.
- Demonstrate experience of good knowledge in information security principles applied to architecture, networks & systems, digital forensics, security risk assessments and software development).
- Good knowledge and understanding of technologies utilized in cyber security (SIEM, SOAR, Firewalls, IAM, IDS/IPS, Anti-malware, End Point Protection, Database Security, Threat management/intelligence).
- Actionable knowledge of MITRE ATT&CK framework.
- Effective knowledge of exploitable vulnerabilities and remediation techniques.
- Experience in automating manual processes for responding to security incidents.
- Experience in threat intelligence and CERT/CSIRT activities.
- Knowledge of current threat actor techniques.
- Understanding of threat landscapes and threat modelling, security threat and vulnerability management, and security monitoring.
- Awareness of tools and techniques used by attackers to enter corporate networks, including common IT system flaws and vulnerabilities.

Desired Skills and Abilities:

- Excellent troubleshooting and critical thinking skills.
- Experience in SOC documentation development.
- Demonstrated experience in communicating complex security concepts, both verbally and in writing, to a variety of audiences.
- Must take ownership of tasks and demonstrate a high degree of autonomy to ensure completion.
- Must be personable and foster good stakeholder and peer group working relationships.
- Certifications such as CISSP, GIAC, CEH or other.

---