L3 SOC Analyst
See all open roles at saviynt, inc. →
Some ghost-posting signals
- open for 133 days (90+ without a fill is a strong ghost signal)
- 161 open roles at this company in 30 days (mass-hiring blitz)
- no salary disclosed (correlates with ghost postings)
See your fit for this role and apply with a truthfully tailored résumé.
About the role
WHAT YOU WILL DO:
Incident Response & Technical Escalation
Act as the final escalation point for complex incidents originating from L1/L2 analysis.
Lead investigations into high-severity security events, including those impacting AWS, Kubernetes clusters and hybrid environments.
Perform advanced forensic analysis across endpoints, cloud workloads, and network telemetry to determine root cause, impact, and remediation actions.
Correlate telemetry from SIEM, EDR, CSPM, and cloud-native sources to identify sophisticated attack chains.
Security Automation & SOAR Engineering
Design, develop, and maintain automated response playbooks within the SOAR platform to improve response efficiency.
Build and maintain automation scripts (Python, go, etc.) for alert enrichment, evidence collection, and containment.
Integrate security platforms via APIs to enable streamlined, automated detection and response workflows.
Identify opportunities to reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) through automation and process optimisation.
Threat Hunting & Detection Engineering
Conduct proactive threat hunting across enterprise and cloud environments using intelligence-driven and hypothesis-based methodologies.
Serve as an SME for cloud security monitoring leveraging tools such as AWS GuardDuty, CloudTrail, CrowdStrike, and Proofpoint.
Develop and tune SIEM detections, correlation rules, and EDR queries aligned to MITRE ATT&CK tactics and emerging threat intelligence.
Mentorship & Continuous Improvement
Provide technical mentoring and guidance to L1/L2 analysts to strengthen SOC capability.
Maintain and enhance SOC documentation including SOPs, runbooks, and response playbooks.
Analyse incident trends and operational metrics to recommend improvements in detection coverage, automation effectiveness, and security posture.
WHAT YOU BRING:
Bachelor’s degree in Computer Science, Cybersecurity, or related discipline (or equivalent industry experience).
Extensive experience in Security Operations with demonstrable time in a senior analyst, threat hunter, or L3 role.
Strong hands-on experience in cloud security monitoring and incident response across AWS - AWS experience is essential for this role.
Proven scripting and automation capability using Python, Go, PowerShell,Bash,etc.
Practical experience with SOAR platforms (e.g., CrowdStrike Fusion SOAR) and SIEM technologies (e.g., CrowdStrike Falcon, Splunk, QRadar, Microsoft Sentinel).
Deep understanding of EDR tooling, host/network forensics, and detection engineering practices.
Strong working knowledge of the MITRE ATT&CK framework and its application in threat detection and hunting.
Stop applying to ghosts.
OyaPilot surfaces only verified, real jobs, scores your fit, and tailors your application truthfully.
Do more with OyaPilot