Positka
Website: positka.com
Job details:
JOB DESCRIPTION
SOC Analyst — Level 3
Managed Security Services Provider (MSSP), Full-Time
Mode – WFO
Location - Chennai, TN
We are looking for a senior SOC L3 Analyst who goes beyond threat detection — someone who owns SOC efficiency, drives automation and AI initiatives, builds internal security products, and serves as the trusted security advisor for client stakeholders. You will operate at the intersection of threat intelligence, engineering, and client management in a high-tempo MSSP environment.
CORE SOC RESPONSIBILITIES
● Lead triage, investigation, and response for high-severity and complex incidents across the MSSP client base; serve as final escalation point from L1/L2 analysts.
● Perform deep-dive forensic analysis, root cause investigations, and threat hunting across SIEM, EDR, NDR, and cloud log sources.
● Develop, tune, and maintain detection rules, correlation logic, and use cases to reduce false positives and improve signal fidelity across client environments.
● Author detailed incident reports, post-incident reviews, and actionable remediation guidance; mentor L1/L2 analysts on investigation techniques.
● Consume and operationalize threat intelligence feeds; map adversary TTPs to MITRE ATT&CK; and drive proactive detection coverage improvements.
STAKEHOLDER COMMUNICATION & MANAGEMENT
● Act as the primary technical point of contact for client security teams during active incidents; communicate clearly under pressure to both technical and executive audiences.
● Conduct regular service review calls and deliver monthly/quarterly security posture reports with KPIs, trend analysis, and strategic recommendations.
● Manage SLA adherence, escalation workflows, and client expectations across concurrent MSSP engagements; flag risk and service gaps proactively.
● Collaborate with client IT and security leadership to align SOC coverage with their risk appetite, compliance requirements, and business priorities.
SOC EFFICIENCY · AUTOMATION & AI
● Own the SOC automation roadmap — identify repetitive workflows, design and deploy SOAR playbooks, and track time-to-detect/time-to-respond metrics to demonstrate impact.
● Evaluate and integrate AI/ML-assisted detection and triage tools; build LLM-assisted workflows for alert summarisation, IOC enrichment, and analyst decision support.
● Measure and continuously improve SOC KPIs — MTTD, MTTR, alert-to-case ratio, analyst workload balance — and present findings to leadership.
● Champion a continuous improvement culture — run retrospectives after major incidents and automation failures, and drive learnings into updated runbooks and playbooks.
CYBERSECURITY PRODUCT DEVELOPMENT
● Contribute to internal security product development — from ideation to deployment — including detection-as-code frameworks, threat intelligence platforms, and SOC dashboards.
● Translate operational SOC pain points into product requirements; collaborate with engineering teams using agile methodologies and maintain a security-first product mindset.
● Prototype and validate tooling using Python/scripting, REST APIs, and open-source security frameworks; maintain clear documentation and version control practices.
● Evaluate third-party vendor tools and contribute to build-vs-buy decisions with well-reasoned technical assessments aligned to MSSP service delivery needs.
REQUIRED SKILLS & NICE TO HAVE
Required Skills
● 5+ years in SOC / incident response, with 2+ years at L3 or equivalent
● Deep expertise in SIEM (Splunk, Sentinel, Chronicle), EDR, and NDR platforms
● Hands-on SOAR experience (Palo Alto XSOAR, Splunk SOAR, or equivalent)
● Proficiency in Python, PowerShell, or Bash for automation and tooling
● Strong understanding of MITRE ATT&CK, Cyber Kill Chain, and threat intel frameworks
● Experience with cloud security (AWS, Azure, or GCP) in an enterprise context
Nice to Have
● MSSP or multi-tenant environment experience
● Certifications: GCIH, GCFE, GCTI, CISSP, or equivalent
● Experience applying LLMs or AI tools in a security operations context
● Familiarity with agile/scrum product development workflows
● Prior experience contributing to open-source security tooling
● Background in red teaming or adversary simulation (CREST, OSCP)