Cyber Security Expert

Their is a JD which will be perfect for the position

The SOC L3 Analyst is a senior member of the Security Operations Center team, responsible for advanced threat analysis, incident response, and security operations. This role involves leading investigations, developing detection capabilities, and mentoring junior analysts. The ideal candidate should possess deep technical expertise in cybersecurity, excellent problem-solving skills, and the ability to make critical decisions in high-pressure situations.

Key Responsibilities

• Ingest and normalize firewall logs (Palo Alto, FortiGate, Cisco ASA/FTD, Juniper, Check Point, etc.) into the SIEM.
• Design, implement and maintain parsers (grok/regex/CEF/LEEF/XML/JSON) and field mappings for accurate detection.
• Build and tune SIEM correlation rules and detection logic for lateral movement, data exfiltration, port scanning and suspicious firewall events.
• Design, implement, test and maintain SOAR playbooks for automated enrichment, containment and remediation (block IPs, isolate hosts, open tickets).
• Integrate SIEM and SOAR with firewalls via API, and with threat intel, vulnerability scanners, ticketing (Jira/ServiceNow), asset CMDB and EDR/XDR.
• Triage escalated incidents, perform root-cause analysis, and document remediation steps.
• Implement logging best practices and collaborate with network teams to ensure log completeness (timestamps, zones, NAT, user IDs).
• Maintain runbooks, SOPs, detection documentation and post-incident reviews.
• Mentor junior SOC staff and lead technical projects (parser rollout, SOAR playbook onboarding).

Required Skills & Experience

• 5+ years in SOC or network security engineering; 2+ years specifically with SIEM and SOAR.
• Hands-on experience with at least one SIEM (Splunk, Elastic/ELK, QRadar, Sumo Logic, ArcSight) and one SOAR (Cortex XSOAR, Splunk SOAR, Swimlane, Demisto).
• Strong knowledge of firewall technologies (Palo Alto, FortiGate, Cisco ASA/FTD, Check Point, Juniper).
• Proficient in log parsing: regex, grok, key-value extraction, CEF/LEEF normalization, JSON/XML parsing.
• Experience with REST APIs, scripting (Python/PowerShell), and automation.
• Solid incident response, network protocols (TCP/UDP/ICMP), NAT, VPN, and IDS/IPS concepts.
• Excellent documentation skills and ability to communicate with engineering and NOC teams.