Tier 3 Security Analyst

• Lead Tier 1 and Tier 2 analysts by example and provide technical guidance.
• Conduct training sessions, provide coaching, and ensure continuous skill development for the team.
• Plan relevant certifications for Tier 1 and Tier 2 analysts, ensuring proper progression with certifications arranged yearly.

• Actively hunt for threats, identify unknown vulnerabilities, and close security gaps within networks.
• Identify all security attack vectors, classify incidents, and assess their impact.
• Review all escalations from Tier 1 and Tier 2 analysts, ensuring comprehensive analysis and daily updates to the SOC Manager and Head of SOC.
• Proactively update documentation, processes, workflows, and other operational aspects for continuous improvement.

• Oversee and optimize SIEM operations, ensuring effective log correlation and alert management.
• Manage SOAR platform implementations to automate incident response workflows and reduce manual intervention.
• Supervise ticketing systems to ensure proper incident tracking, escalation, and resolution documentation.
• Lead complex incident response activities, coordinating with internal teams and external stakeholders.

• Work closely with Tier 2 analysts to gather feedback and evidence on false positives.
• Collaborate with the Threat Detection Team to reduce false positives across all customers.
• Ensure consistent application of false positive reduction measures for all MSSP clients.

• Disseminate threat intelligence news and updates to all security analysts, ensuring the team remains informed about emerging threats and attack techniques.

• Maintain oversight of SOC processes to ensure compliance and operational effectiveness.
• Plan and implement improvements to SOC operations, focusing on proactive threat detection and response.
• Monitor and "police" SOC workflows, providing tracking and daily updates to SOC leadership.

• Extensive experience in SOC operations, including threat hunting and advanced incident analysis.
• Strong understanding of SIEMs, threat intelligence platforms, and security tools.
• Hands-on experience with SIEM/SOAR platforms and ticketing systems for incident response management.
• Leadership experience with a track record of mentoring and developing security teams.
• Excellent communication, documentation, and organizational skills.
• Ability to handle high-pressure situations and critical security incidents effectively.
• A collaborative mindset to work effectively with other SOC tiers and managers.
• Strong analytical and problem-solving skills to address complex security challenges.

• GoogleSecOps (Google Security Operations) platform experience highly preferred.
• Fortinet security solutions experience preferred.
• Cloudflare security services experience preferred.

• Minimum certification requirement: ECIH (EC-Council Certified Incident Handler) or GCIH (GIAC Certified Incident Handler) or equivalent incident handling certification.
• Additional preferred certifications: CISSP, CISM, GIAC, OSCP, GCFA.
• Commitment to continuous learning to stay updated with the latest security trends and technologies.
• Adherence to SOC playbooks, standard operating procedures, and compliance requirements.

• Primary schedule: Office hours (standard business hours).
• Must be willing to support shift operations during High Severity Incidents, which may include:

• Being activated to work on-shift during critical incidents, or
• Remaining on standby to provide operational support as needed.
• Willingness to support outside of regular hours during operational exigencies.

ST Engineering