Senior SOC Analyst L3

Deepsource Technologies

1. Advanced Incident Response Leadership

• Lead end-to-end handling of high-severity cybersecurity incidents (Ransomware, APT, data exfiltration, insider threats).
• Direct containment, eradication, and recovery strategies during critical incidents.
• Serve as primary escalation point for SOC L2 investigations.
• Coordinate with IT, Legal, Risk, Compliance, and executive leadership during crisis situations.
• Conduct post-incident reviews and lessons-learned workshops.

2. Digital Forensics Investigations

• Perform forensic acquisition and analysis of endpoints, servers, and cloud workloads.
• Conduct disk, memory, and network forensics using industry-standard tools.
• Preserve and maintain chain-of-custody documentation.
• Analyze artifacts such as registry, event logs, browser history, persistence mechanisms, and lateral movement traces.
• Prepare forensic reports suitable for executive and legal review.

3. Endpoint & EDR Deep Analysis

• Perform deep investigations using enterprise EDR platforms such as Microsoft Defender for Endpoint, CrowdStrike Falcon, or equivalent.
• Conduct advanced threat hunting and behavioral analysis.
• Reverse-engineer suspicious scripts or malware (basic to intermediate level).

4. SIEM & Log Correlation Expertise

• Conduct advanced log analysis across SIEM platforms such as Splunk Enterprise Security, Microsoft Sentinel, or equivalent.
• Develop and optimize advanced detection queries (SPL / KQL).
• Correlate endpoint, network, identity, and cloud telemetry for full attack chain reconstruction.
• Map incidents to MITRE ATT&CK framework techniques.

5. Network & Cloud Forensics

• Analyze PCAP, NetFlow, DNS, proxy, and firewall logs.
• Investigate suspicious lateral movement and command-and-control traffic.
• Perform forensic investigations within Microsoft 365, Azure, and AWS environments.
• Assess identity compromise scenarios (AD, Azure AD, privileged access abuse).

6. Threat Intelligence & Proactive Defense

• Integrate threat intelligence feeds into DFIR investigations.
• Conduct proactive threat hunting campaigns.
• Participate in red team / purple team exercises.
• Identify detection gaps and recommend defensive improvements.

7. Governance & Compliance Support

• Ensure forensic readiness aligned with NCA ECC, SAMA CSF, ISO 27001, and other regulatory frameworks.
• Maintain forensic documentation aligned with legal admissibility standards.
• Contribute to incident response policy and playbook development.

8. On-Call & Crisis Response

• Participate in 24x7 on-call rotation for major incidents.
• Provide immediate response and executive-level briefing during critical cybersecurity events.

Candidates must demonstrate proven, hands-on DFIR experience in:

• Minimum 7 10 years of experience in cybersecurity operations.
• At least 3 5 years in L3 / DFIR role handling major enterprise incidents.
• Practical experience with forensic tools such as:
• o EnCase
• o FTK
• o X-Ways
• o Volatility
• o Autopsy
• Memory forensics and live response techniques.
• Ransomware investigation and recovery coordination.
• Advanced Windows & Linux artifact analysis.
• Network protocol deep understanding (TCP/IP, DNS, HTTP/S, SMB, LDAP, Kerberos).
• Cloud security investigations (Azure / AWS / M365).
• Evidence handling and chain-of-custody documentation.
• Experience working in regulated sectors (Banking, Government, Critical Infrastructure preferred).