Job description
The Senior Security Analyst (L3) is responsible for leading advanced security monitoring, threat detection, incident investigation, and threat hunting activities within the Security Operations Center (SOC).
The role acts as a senior escalation point for complex and high-severity security incidents, supporting the continuous enhancement of ZainTECH’s cybersecurity monitoring and incident response capabilities across enterprise and customer environments.
Working closely with SOC Engineering, Incident Response, and Security Operations teams, the analyst plays a key role in developing SIEM use cases, refining detection logic, improving SOC processes, and strengthening operational security maturity.
The role also contributes to strategic cybersecurity initiatives, operational reporting, and continuous improvement of security monitoring capabilities.
Responsibilities: Security Monitoring & Threat Detection Monitor, analyze, and investigate security events across enterprise and customer environments Perform advanced event correlation and threat analysis using SIEM and SOAR platforms Analyze security alerts to validate incidents and assess business impact and risk exposure Investigate and escalate complex or high-severity security incidents in accordance with defined procedures and SLAs Support incident containment, eradication, recovery, and post-incident activities SIEM Administration & Content Development Administer, configure, and optimize SIEM platforms and related monitoring technologies Develop and maintain: Correlation rules Dashboards Reports Filters Detection use cases Real-time monitoring content Support log integration activities and tuning initiatives to improve detection accuracy and reduce false positives Work closely with SOC Engineering teams to refine monitoring capabilities and operational effectiveness Threat Hunting & Advanced Analysis Conduct proactive threat hunting activities to identify emerging threats, suspicious behavior, and advanced attack patterns Perform multi-stage investigative analysis to trace advanced threats and attacker activities Maintain strong understanding of: Advanced Persistent Threats (APTs) Threat actor tactics, techniques, and procedures (TTPs) Incident response methodologies Digital forensics concepts Coordinate evidence gathering, investigation documentation, and incident analysis activities Incident Response & Operational Support Prepare and communicate incident analysis findings to relevant stakeholders and response teams Support the execution of incident response and escalation procedures Analyze recurring incidents and identify opportunities to improve security controls, monitoring capabilities, and operational processes Contribute to operational reporting, SOC metrics, and executive-level reporting requirements Process Improvement & Documentation Develop and enhance SOC operational processes, procedures, and playbooks Collaborate with L1 and L2 analysts to improve operational workflows and response effectiveness Provide recommendations for improvements to: Security architecture Monitoring coverage Policies and procedures Detection capabilities Support continuous improvement initiatives aligned with SOC maturity objectives Technical Leadership & Mentorship Serve as a technical escalation point and mentor for junior SOC analysts Provide guidance and knowledge transfer to L1 and L2 analysts Support capability development and operational readiness initiatives within the SOC team Assist in driving strategic cybersecurity and operational security initiatives 5+ years of experience in SOC operations, Security monitoring, Event analysis , Incident response, and Threat hunting Proven experience working within enterprise or managed SOC environments Strong hands-on experience with SIEM and SOAR platforms Bachelor’s degree in Cybersecurity, Information Security, Computer Science or a related technical field Strong understanding of security operations methodologies, threat analysis, and incident response best practices Experience working within enterprise, MSSP, or managed security environments is highly preferred
This job post has been translated by AI and may contain minor differences or errors.
