C3i Hub
Website:
c3ihub.org
Job details:
Role Overview
The L3 Threat Analyst leads complex incident response and advanced threat investigations, owning incidents end-to-end while guiding L1/L2 analysts. This role combines deep technical expertise, adversary understanding, and detection engineering to strengthen the organization’s overall security posture.
Key Responsibilities
Advanced Incident Response Leadership
- Lead high-severity and complex incidents (multi-stage attacks, APTs, lateral movement, data exfiltration)
- Own end-to-end response: detection → investigation → containment → eradication → recovery
- Act as the technical decision-maker during active incidents
Deep Threat Investigation
- Perform advanced analysis across:
  - Endpoint telemetry, memory artifacts, disk forensics
  - Network traffic (PCAP, NDR)
  - Identity and cloud logs
- Reconstruct full attack chains and identify root cause + blast radius
- Handle fileless malware, living-off-the-land (LotL), and stealthy persistence techniques
Threat Hunting & Adversary Emulation
- Design and lead proactive threat hunting campaigns
- Simulate attacker techniques (red/purple mindset) to validate detection coverage
- Identify gaps and convert them into high-fidelity detections
Detection Engineering
- Design, build, and optimize advanced detection logic
- Develop detections across:
  - SIEM (correlation rules, anomaly detection)
  - EDR/NDR analytics
- Ensure coverage across the MITRE ATT&CK framework
- Mentor L1/L2 on detection quality and tuning
Forensics & Malware Analysis
- Conduct host and network forensics
- Perform static and basic dynamic malware analysis
- Extract IOCs, behaviors, and detection patterns
Automation & SOC Engineering Collaboration
- Define and drive automation strategy (SOAR, pipelines)
- Collaborate with engineering teams to:
  - Improve telemetry pipelines
  - Optimize data ingestion and correlation
  - Scale detection systems for high EPS environments
Incident Command & Stakeholder Management
- Act as Incident Commander for critical incidents
- Provide clear, structured communication to leadership
- Lead post-incident reviews and drive corrective actions
SOC Maturity & Strategy
- Define and improve:
  - IR playbooks
  - Detection coverage roadmap
  - SOC metrics (MTTD, MTTR, detection fidelity)
- Continuously enhance SOC capabilities and resilience
Required Skills & Qualifications
- 5+ years of experience in Incident Response / Threat Hunting / SOC Engineering
- Strong expertise in:
  - Advanced attack techniques (APT, lateral movement, persistence)
  - MITRE ATT&CK mapping and adversary behavior analysis
  - Windows & Linux internals
- Hands-on experience with:
  - SIEM (Splunk, ELK, Sentinel, etc.)
  - EDR/NDR platforms
  - Log correlation in large-scale distributed systems
- Deep knowledge of:
  - Networking (packet-level understanding, DNS abuse, C2 patterns)
  - Identity attacks (Kerberos, AD abuse, credential theft)
- Strong scripting/programming skills (Python, PowerShell, Bash)
Good to Have
- Experience in high-throughput environments (100K+ EPS, data lakes)
- Detection engineering frameworks (Sigma, YARA, KQL, SPL)
- Cloud security and container environments
- Reverse engineering (intermediate level)
- Experience in SOAR and automation design
Key Traits
- Thinks like an attacker, acts like a defender
- Strong ownership and decision-making under pressure
- Systems-level thinking (not just alerts, but pipelines and architecture)
- Mentorship mindset for L1/L2 analysts