Website:
maandag.com
Job details:
🌍 Client: Cybersecurity Firm
📍 Company Head office: Dubai, UAE
🕒 Employment Type: Full-Time
💼 Mode: Remote from India
Role Overview
We are seeking an experienced SOC Analyst (L3) to join our internal Security Operations Center. This role focuses on in-depth alert validation, incident investigation, and threat containment across a hybrid IT and cloud environment. The analyst will handle complex security events, perform proactive threat hunting, and collaborate closely with senior responders and detection teams to continuously improve the organization’s security posture.
Primary Objectives
- Validate and correlate security alerts to identify true security incidents
- Investigate attacker activity to determine entry point, scope, impact, and timeline
- Contain threats swiftly and provide clear remediation guidance
- Escalate and coordinate with senior SOC / Incident Response teams during major incidents
- Maintain detailed documentation and highlight visibility or detection gaps
- Improve monitoring, detection quality, and response effectiveness across the SOC
Key Responsibilities
- Monitor and triage security alerts from SIEM, EDR, NDR, and cloud security platforms
- Perform deep-dive investigations across endpoint, network, identity, and cloud layers
- Differentiate true positives vs false positives with strong analytical judgment
- Execute initial incident response actions (containment, isolation, account blocking, etc.) using defined playbooks
- Enrich alerts using threat intelligence, MITRE ATT&CK mapping, and contextual analysis
- Investigate phishing, malware, ransomware, credential abuse, lateral movement, and persistence techniques
- Analyze logs from Windows, Linux, firewalls, network devices, and cloud platforms
- Conduct email header analysis and malware/software analysis (static and dynamic)
- Perform proactive threat hunting across endpoint, network, and cloud telemetry
- Maintain accurate incident timelines, evidence, and internal reports
- Collaborate with Detection & Automation teams to reduce alert noise and enhance detection logic
- Support 24/7 SOC operations in a rotational shift model, including nights and weekends
Required Experience & Qualifications
- 5+ years of experience in a SOC, MDR, or Security Operations role
- Strong hands-on experience with:
  - SIEM tools: Microsoft Sentinel, Splunk, QRadar, FortiSIEM (or equivalent)
  - EDR solutions: Microsoft Defender, CrowdStrike, Cortex XDR
- Excellent knowledge of Windows security and Active Directory investigations, including:
  - Logon types, Kerberos authentication
  - Lateral movement and privilege escalation techniques
- Solid understanding of:
  - Common attack techniques: phishing, malware, ransomware, credential theft, persistence
  - MITRE ATT&CK framework
  - Incident response lifecycle: contain, eradicate, recover
- Strong networking fundamentals:
  - TCP/IP, DNS, DHCP, HTTP/S
  - OSI model, routing, switching, common protocols
- Experience analyzing process trees, command-line activity, parent/child processes
- Working knowledge of Azure, AWS, and GCP security fundamentals
- Ability to write clear, structured incident reports and summaries
- Comfortable working under pressure during active security incidents
- Willingness to work 24/7 rotational shifts including nights, weekends, and holidays