SOC Tier 3 Analyst

Position: SOC Tier 3 Analyst
Employment Type: Contract, Full time
Start: ASAP
Location: Reading – Hybrid
Languages: English

We are seeking an experienced and highly capable SOC Tier 3 Analyst to serve as a senior member of our Security Operations Center (SOC). You will lead advanced incident response efforts, conduct proactive threat hunting, perform digital forensics, and collaborate cross-functionally to safeguard our digital assets and infrastructure. This is a pivotal role for those passionate about cybersecurity, threat detection, and investigative analysis.

Key Responsibilities
Advanced Incident Detection & Response
  • Lead the investigation and resolution of complex cyber incidents, including APTs, malware outbreaks, and data breaches.
  • Take charge of escalated alerts from Tier 1 and 2 analysts and guide them through advanced response protocols.
  • Utilize SIEM, EDR, and threat intelligence platforms to perform deep-dive analysis and response.
Threat Hunting & Analysis
  • Proactively identify emerging threats through behavioral analytics and threat intelligence.
  • Analyze log data, network activity, and endpoints to uncover hidden anomalies or malicious behavior.
  • Partner with security engineering teams to build detection capabilities based on evolving threats.
Digital Forensics & Investigation
  • Conduct detailed forensic investigations to determine incident scope, root cause, and impact.
  • Collect and preserve digital evidence in accordance with legal and regulatory standards.
  • Deliver comprehensive findings, timelines, and impact reports.
Remediation & Recovery
  • Advise on containment, eradication, and recovery procedures in collaboration with IT and infrastructure teams.
  • Ensure proper cleanup and restoration of affected systems.
  • Share Indicators of Compromise (IOCs) and support threat blocking strategies.
Collaboration & Knowledge Sharing
  • Mentor junior SOC analysts and share knowledge across incident response workflows.
  • Engage with stakeholders across IT, DevOps, and legal to enhance security posture.
  • Contribute to post-incident reviews and continuous process improvement.
Security Research & Intelligence
  • Stay ahead of industry developments, vulnerabilities, and attacker methodologies.
  • Create detection rules and playbooks to improve SOC capabilities.
  • Contribute threat intelligence findings and detection logic to the team knowledge base.
Documentation & Reporting
  • Produce clear, detailed incident reports and present findings to stakeholders or clients.
  • Maintain thorough documentation of investigation steps, timelines, and decisions taken.
Compliance & Risk Mitigation
  • Ensure all incident handling aligns with frameworks and regulations such as NIST guidance, ISO 27001, and GDPR.
  • Work with compliance teams to manage regulatory reporting during security incidents.
Your Profile
Essential Skills & Experience:
  • Bachelor’s degree in Computer Science, Information Security, or a related field.
  • 6–8+ years in cybersecurity with a focus on incident response and threat hunting.
  • Proven experience investigating APTs, ransomware, and data exfiltration attempts.
  • Deep knowledge of SIEM platforms (e.g., Splunk, LogRhythm, ArcSight) and EDR solutions.
  • Hands-on experience in network/system forensics and malware analysis.
  • Familiarity with operating systems (Windows, Linux) and cloud environments (e.g., AWS, Azure).
  • Proficiency in scripting languages like Python or PowerShell for automation and analysis.
Preferred Certifications:
  • CISSP, GCIH, GCFA, GCIA, CFCE, or equivalent recognized certifications.
Soft Skills & Attributes:
  • Strong critical thinking and analytical abilities.
  • Excellent communication skills—able to translate technical details for varied audiences.
  • Ability to remain calm and effective in high-pressure or time-sensitive situations.
Work Conditions:
  • Fast-paced SOC environment.
  • Availability for occasional after-hours work or on-call rotation.
Should you be interested in being considered for this position and would like to discuss further, please apply with your latest CV or share it directly with me at christophe.ramen@focusonsap.org
Company: Focus on SAP
Location: Reading, Berkshire, UK (Hybrid / WFH options)