SOC Level 3 Analyst & Incident Response Lead

BETSOL

Denver (CO)

Hybrid

USD 135,000 - 185,000

Full time

7 days ago

Job summary

BETSOL is looking for a highly skilled Tier 3 SOC Analyst to lead critical incident response activities in a hybrid position. This role focuses on managing major security incidents, conducting thorough forensic investigations, and guiding junior analysts while enhancing the organization’s overall incident response capabilities. Candidates should possess extensive experience in a Security Operations Center, be adept at leading incident responses, and have strong forensic analysis skills. Competitive salary and comprehensive benefits package offered.

Benefits

Comprehensive health insurance
Competitive salaries
401K plan
Volunteer programs
Scholarship opportunities
Fitness center
Café and recreational facilities

Qualifications

  • 5+ years of experience in a Security Operations Center or Incident Response role.
  • Strong forensic analysis skills and hands-on experience in vulnerability management.
  • Advanced proficiency in SIEM platforms and cloud security tools.

Responsibilities

  • Act as the final escalation point for complex security alerts.
  • Lead end-to-end incident response lifecycle.
  • Educate and mentor Tier 1 and Tier 2 SOC analysts.

Skills

Forensic analysis
Digital investigations
Threat intelligence correlation
Scripting
Cloud security
Leadership
Communication skills

Education

5+ years in Security Operations/Incident Response
GIAC Certified Forensic Analyst (GCFA) or GIAC Certified Incident Handler (GCIH)
CISSP, OSCP, GCIA, or equivalent

Tools

Azure Sentinel
Defender for Endpoint
Forensic toolsets

Job description

Company Description

BETSOL is a cloud-first digital transformation and data management company offering products and IT services to enterprises in over 40 countries. The BETSOL team holds several engineering patents and is recognized with industry awards, and BETSOL maintains a net promoter score that is 2x the industry average.

BETSOL’s open source backup and recovery product line, Zmanda (Zmanda.com), delivers up to 50% savings in total cost of ownership (TCO) and best-in-class performance.

BETSOL Global IT Services (BETSOL.com) builds and supports end-to-end enterprise solutions, reducing time-to-market for its customers.

BETSOL offices are set against the vibrant backdrops of Broomfield, Colorado and Bangalore, India.

We take pride in being an employee-centric organization, offering comprehensive health insurance, competitive salaries, 401K, volunteer programs, and scholarship opportunities. Office amenities include a fitness center, cafe, and recreational facilities.

Job Description

We are seeking a highly skilled and experienced Tier 3 SOC Analyst who will also function as the Incident Response Lead. This is a hybrid technical-leadership position focused on managing critical security events, conducting forensic investigations, and continuously enhancing the incident response program. As a senior member of the SOC, you will be the escalation point for complex and high-impact security incidents, support forensic analysis, lead root cause investigations, and contribute to detection engineering efforts.

Qualifications

Key Responsibilities

Tier 3 SOC Analyst Duties

  • Act as the final escalation point for complex security alerts and incidents identified through Azure Sentinel and other security monitoring tools.
  • Conduct in-depth digital forensic investigations across endpoints, networks, and cloud infrastructure (Azure, M365, Microsoft Dynamics, etc.).
  • Perform malware analysis, reverse engineering, and memory/disk analysis to support incident triage and response.
  • Provide expert-level guidance to Tier 1 and Tier 2 SOC analysts; coach and mentor to raise team capabilities.
  • Correlate threat intelligence with incident data to understand adversary behavior and campaign objectives.
  • Collaborate with SIEM engineers to tune, develop, and optimize detection use cases, particularly for emerging threats.
  • Maintain documentation of playbooks, threat scenarios, and incident patterns.

Incident Response Lead Duties

  • Lead and coordinate the end-to-end incident response lifecycle, from detection through containment, eradication, and recovery.
  • Own and maintain IR documentation including incident tracking, timelines, RCA, and after-action reports.
  • Liaise with the CSIRT team and relevant business stakeholders during critical incidents.
  • Lead post-incident reviews and facilitate lessons learned workshops, contributing to policy, procedure, and control improvements.
  • Drive continuous process improvement across SOC and IR operations, ensuring integration with change and problem management.
  • Ensure executive-level incident reporting and briefings are prepared and delivered as needed.

Required

  • 5+ years of experience in a Security Operations Center or Incident Response role.
  • Proven experience leading major incident response efforts (e.g., ransomware, APT, data breaches).
  • Strong forensic analysis skills (disk, memory, log, and network forensics).
  • Advanced proficiency in SIEM platforms (preferably Microsoft Sentinel), EDR tools (Defender for Endpoint), and forensic toolsets.
  • Hands-on experience with vulnerability management and cloud security tools such as Wiz, Tenable, or Qualys.
  • Understanding of attacker TTPs mapped to MITRE ATT&CK and threat hunting methodologies.
  • Hands-on experience with scripting and automation (e.g., PowerShell, Python) to streamline investigations and response.
  • Knowledge of security controls, network protocols, operating systems, and cloud environments (Azure).
  • Strong communication skills and ability to present technical findings to non-technical stakeholders.

Additional Information

Desirable Certifications

  • GIAC Certified Forensic Analyst (GCFA) or GIAC Certified Incident Handler (GCIH)
  • CISSP, OSCP, GCIA, or equivalent
  • Microsoft certifications: SC-200, SC-300, AZ-500

Key Competencies

  • Calm and decisive under pressure
  • Analytical and detail-oriented
  • Strong leadership and collaboration skills
  • Proactive approach to process optimization and threat mitigation
  • Passion for continuous learning and capability development

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Industries: IT Services and IT Consulting
