L3 SOC Analyst

UK SOC Requisition Document

Job Title: L3 SOC Analyst

Location: United Kingdom Type: Full-time, permanent

Role Overview:
We are establishing a modern Security Operations Centre designed to deliver proactive,
intelligence-driven security outcomes. Moving beyond traditional reactive monitoring, our
SOC emphasises AI, automation, detection engineering, and deep cloud security visibility to
identify and neutralise sophisticated threats at scale.

The L3 SOC Analyst will act as the senior technical escalation point within the SOC, leading
complex investigations, driving automation initiatives, and mentoring junior analysts. This
role requires strong hands-on expertise across cloud security, threat hunting, incident
response, and orchestration technologies.

Key Responsibilities
Incident Response & Technical Escalation
● Act as the final escalation point for complex incidents originating from L1/L2 analysis.
● Lead investigations into high-severity security events, including those impacting AWS,
Azure, Kubernetes clusters and hybrid environments.
● Perform advanced forensic analysis across endpoints, cloud workloads, and network
telemetry to determine root cause, impact, and remediation actions.
● Correlate telemetry from SIEM, EDR, CSPM, and cloud-native sources to identify
sophisticated attack chains.
Security Automation & SOAR Engineering
● Design, develop, and maintain automated response playbooks within the SOAR
platform to improve response efficiency.
● Build and maintain automation scripts (Python, go, etc.) for alert enrichment,
evidence collection, and containment.
● Integrate security platforms via APIs to enable streamlined, automated detection and
response workflows.
● Identify opportunities to reduce Mean Time to Detect (MTTD) and Mean Time to
Respond (MTTR) through automation and process optimisation.

Threat Hunting & Detection Engineering
● Conduct proactive threat hunting across enterprise and cloud environments using
intelligence-driven and hypothesis-based methodologies.
● Serve as an SME for cloud security monitoring leveraging tools such as AWS
GuardDuty, CloudTrail, CrowdStrike, and Proofpoint.
● Develop and tune SIEM detections, correlation rules, and EDR queries aligned to
MITRE ATT&CK tactics and emerging threat intelligence.
Mentorship & Continuous Improvement
● Provide technical mentoring and guidance to L1/L2 analysts to strengthen SOC
capability.
● Maintain and enhance SOC documentation including SOPs, runbooks, and response
playbooks.
● Analyse incident trends and operational metrics to recommend improvements in
detection coverage, automation effectiveness, and security posture.
Skills & Experience Required
● Bachelor’s degree in Computer Science, Cybersecurity, or related discipline (or
equivalent industry experience).
● Extensive experience in Security Operations with demonstrable time in a senior
analyst, threat hunter, or L3 role.
● Strong hands-on experience in cloud security monitoring and incident response
across AWS, Azure, or GCP.
● Proven scripting and automation capability using Python, Go, PowerShell,Bash,etc.
● Practical experience with SOAR platforms (e.g., CrowdStrike Fusion SOAR) and SIEM
technologies (e.g., CrowdStrike Falcon, Splunk, QRadar, Microsoft Sentinel).
● Deep understanding of EDR tooling, host/network forensics, and detection
engineering practices.
● Strong working knowledge of the MITRE ATT&CK framework and its application in
threat detection and hunting.

Additional Role Requirements (UK Specific)
- UK Citizenship is mandatory due to data residency, customer contractual obligations,
and potential security clearance requirements.
- Candidates must have the unrestricted right to work in the United Kingdom.
- The role forms part of a global Infosec team, hence availability during weekends and
outside standard working hours is expected to support critical incidents and urgent
escalations.

Desirable Certifications
● CEH, GIAC, or equivalent