L3 SOC Internal Analyst

Hungary; Full time; Remote friendly
The Brief

“L3 SOC Internal Analyst. Skills: SOC operations, incident response, threat hunting. Lead day-to-day operations of Cyber Defense Center. Set direction for monitoring, investigation, incident response”

What You'll Achieve.

measurable threat hunting outcomes; demonstrate SOC performance; drive improvements

Industry & Context.

Problems you'll solve

investigation; incident response; complex alerts; complex incidents; high-impact investigations; prioritize critical incidents; make rapid decisions

Eligibility Requirements

on-call basis (24/7/365)

What They're Looking For.

Must Have

Several years of experience in a Security Operations Center, incident response, or threat detection role; senior/L3 responsibilities; team or vendor coordination; experience in incident response, threat detection, or security monitoring; expertise in detection and response workflows; ability to work under pressure; prioritize critical incidents; make rapid decisions; support on-call escalation; hands-on experience with SIEM, SOAR, and EDR technologies; solid understanding of detection technologies such as IDS/IPS, DLP, and WAF; understanding of security threats and attack frameworks such as MITRE ATT&CK and the Cyber Kill Chain; ability and drive to review, manage and continuously improve vendor performance, contracting and metrics with clear accountability and follow-through; experience leading threat hunting activities, including defining hypotheses, objectives, and measurable outcomes

Nice to Have

Familiarity with EU cybersecurity regulations relevant to SOC operations (e.g., NIS2 Directive); professional certifications such as CISM, GCIA, GCIH, or CISSP; fluency in German

What You'll Do.

Lead day-to-day operations of Cyber Defense Center

Set direction for monitoring

Act as primary interface to MSSP

Serve as senior escalation point

Shape and steer threat hunting activities

Drive continuous evolution of detection and response capabilities

Strengthen organization's security posture

Act as single point of contact for MSSP

Manage vendor performance

Serve as L3 escalation point

Provide senior technical expertise

Coordinate and lead response to incidents

Ensure effective handover to CIRT

Own SIEM/SOAR detection lifecycle

Define threat hunting objectives

Coordinate MSSP-led threat hunting activities

Develop and produce monthly KPI dashboards

Increase log coverage

Improve telemetry quality

Enhance overall visibility

Serve as Duty Operational Manager

Provide senior operational oversight

Provide incident support out of hours

How You'll Work.

Team & Collaboration

Collaboration with engineering; Collaboration with CIRT; Collaboration with threat intelligence; Collaboration with other capability functions; Coordination with SOC tiers; Coordination with MSSP

Communication Scope

translate technical findings for technical audiences; translate technical findings for executive audiences

Process & Methodology

manage vendor performance, manage contracting, manage metrics

Full Job Description

Your Role

As L3 SOC Internal Analyst, you lead the day-to-day operations of our Cyber Defense Center (CDC) and set the direction for effective monitoring, investigation, and incident response across all SOC tiers. You act as the primary interface to our Managed Security Service Provider (MSSP) and as the senior escalation point for our most complex and high-impact investigations. Beyond the operational lead role, you shape and steer our threat hunting activities, ensuring they are risk-driven, measurable, and firmly anchored in CDC governance. In close collaboration with engineering, CIRT, threat intelligence, and other capability functions, you drive the continuous evolution of our detection and response capabilities and help strengthen the organization's overall security posture.

- Act as the single point of contact for the MSSP conducting SOC 24/7 monitoring and manage vendor performance, outputs, and service assurance.
- Serve as the L3 escalation point for complex alerts, incidents, and investigations, providing senior technical expertise and decision-making.
- Coordinate and lead response to incidents across SOC tiers and ensure effective handover to the CIRT for high and critical cases.
- Own the SIEM/SOAR detection lifecycle, including log source onboarding, continuous fine-tuning of detection rules, and review/validation of use cases.
- Define threat hunting objectives, aligning them with the CDC’s strategic goals and coordinate MSSP-led threat hunting activities.
- Develop and produce monthly KPI dashboards and reporting to demonstrate SOC performance and drive improvements.
- Work with the engineering team to increase log coverage, telemetry quality, and overall visibility across the monitored environment.
- Serve as Duty Operational Manager on a rotational on-call basis (24/7/365), providing senior operational oversight and incident support out of hours.

Your Profile

- Degree in Computer Science, IT Security, or a related field, or equivalent wo
