Senior Security Analyst – Level 3

• Design, develop, and deploy high-fidelity detection rules across SIEM platforms such as Splunk, Microsoft Sentinel, IBM QRadar, and Devo.
• Create custom use cases to detect MITRE ATT&CK–aligned TTPs based on real-world threats and red team activities.
• Conduct detection gap analysis, tune alert mechanisms, and reduce false positives across MSS customer environments.
• Perform regular tuning and optimization of detection logic and correlation rules to enhance accuracy and reduce noise.
• Continuously assess and refine detection efficacy based on incident feedback and threat evolution.
• Collaborate with red/purple teams to validate detection logic and enhance threat-informed defenses.
• Maintain alignment of detection logic with the latest threat intelligence and industry best practices.
• Proactively hunt for advanced threats across on-premises and cloud environments using telemetry from SIEM, EDR, and NDR tools.
• Develop hypotheses for hunting campaigns based on TTPs, intelligence feeds, and incident trends.
• Use frameworks such as MITRE ATT&CK and the Diamond Model to structure hunting activities.
• Ingest, analyze, and operationalize threat intelligence from internal, commercial, and open-source sources (OSINT).
• Collaborate with internal and external intelligence teams to contextualize IOCs and TTPs.
• Contribute to the threat intelligence lifecycle (collection, analysis, dissemination, feedback).
• Maintain updated threat intelligence repositories and support continuous improvement of intelligence playbooks.
• Lead the full incident response lifecycle, including detection, triage, containment, eradication, and recovery.
• Investigate and analyze incidents escalated by L1/L2 SOC analysts, determining root causes and impact.
• Conduct forensic investigations on endpoints, logs, and network data to identify indicators of compromise.
• Coordinate with internal stakeholders and external partners during critical security incidents.
• Prepare detailed incident and root cause analysis (RCA) reports with remediation and mitigation recommendations.
• Develop and maintain incident response playbooks, runbooks, and procedures.
• Mentor and guide L1/L2 SOC analysts in advanced investigations and tool usage.
• Lead customer meetings to review SOC performance, security posture, and ongoing initiatives.
• Present key metrics, RCA summaries, and incident reports to customers and management.
• Participate in tabletop exercises and red/purple team assessments.
• Act as the primary escalation point for major incidents and client communications.
• Identify process gaps and drive improvements or automation within SOC operations.
• Collaborate with cross-functional teams including Engineering, Development, and Compliance to ensure cohesive defense strategies.

• Minimum of 8–10 years of experience in SOC or Managed Security Services (MSS) environments.
• Bachelor’s Degree in Computer Science, Cybersecurity, Information Security, or equivalent discipline.
• Proven hands-on experience with SIEM technologies (Splunk, Microsoft Sentinel, IBM QRadar, Devo).
• Strong knowledge and experience with EDR/EPP platforms such as CrowdStrike and Microsoft Defender.
• Experience with SOAR technologies and security automation workflows.
• Understanding of malware analysis across Windows, Linux, and macOS environments.
• Exposure to firewall technologies including Cisco, Palo Alto, Checkpoint, and Fortinet.
• Proficiency in Windows and Linux environments, including Unix-based troubleshooting.
• Practical experience with scripting (Python, PowerShell, or shell scripting) for task automation.
• Knowledge of current cyber threats, vulnerabilities, and attack vectors.
• Strong team collaboration and leadership abilities, with proven mentoring experience.
• At least one SANS certification (GCIH preferred).
• Familiarity with ITIL standards and structured SOC operations.
• Ability to develop and maintain SOC standard operating procedures and custom threat intelligence feeds (e.g., MISP).

• Experience performing vulnerability assessments and reporting findings to business stakeholders.
• Familiarity with threat hunting techniques and proactive detection strategies.
• Expertise in network security technologies (IDS/IPS, VPNs).
• Working knowledge of cloud security platforms (AWS, Azure, Google Cloud).
• Understanding of compliance frameworks such as GDPR, NIST, and PCI-DSS.
• Experience in forensics, incident response, and penetration testing.
• Advanced proficiency in automation and scripting for operational efficiency.
• Strong analytical and troubleshooting skills, particularly during high-severity incidents.

To apply, simply click the "Apply" button or send your updated profile to recruit@percept-solutions.com

EA Licence No.:18S9405 / EA Reg. No.:R1330864

Percept Solutions is expanding and actively seeking talented individuals. We encourage applicants to follow Percept Solutions on LinkedIn at https://www.linkedin.com/company/percept-solutions/ to stay informed about new opportunities and events.