Job Details
The L3 Security Analyst serves as a senior member of the Cyber Defense Organization, responsible for leading complex investigations, responding to high-severity incidents, and mentoring junior analysts.
This role requires deep technical expertise, strong analytical skills, and the ability to think like an adversary. The L3 Analyst acts as a bridge between tactical operations and strategic defense, playing a key role in threat detection, incident response, and continuous improvement of security operations.
Key Responsibilities:
Management
- Provide mentorship and technical oversight to L2 analysts and MSSP-led supporting staff, reviewing investigations and guiding escalation decisions.
- Lead incident response efforts for high-severity events, coordinating across teams to ensure effective containment and remediation.
- Contribute to the development and refinement of SOC processes, playbooks, and escalation protocols.
- Participate in hiring, onboarding, and training activities to build a high-performing SOC team.
Technical
- Conduct advanced investigations of security alerts and incidents, including malware analysis, lateral movement, and data exfiltration.
- Perform threat hunting using hypothesis-driven approaches and threat intelligence to uncover hidden threats.
- Develop and tune detection rules, correlation logic, and behavioral analytics across SIEM, EDR, and cloud platforms.
- Analyze attacker TTPs and translate them into actionable detections using frameworks such as MITRE ATT&CK and the Cyber Kill Chain.
- Lead forensic investigations, including memory, disk, and network analysis, to support incident response and legal requirements.
- Collaborate with detection engineering and threat intelligence teams to improve detection coverage and response workflows.
Organizational
- Serve as a key point of contact during major incidents, providing technical updates and risk assessments to leadership and stakeholders.
- Document investigation findings, incident timelines, and lessons learned in a clear and structured format.
- Support compliance and audit efforts by ensuring incident handling aligns with regulatory and policy requirements.
- Collaborate with IT, OT, and business units to ensure visibility and response capabilities across all environments.
- Contribute to SOC maturity assessments and strategic planning to enhance the organization's cyber defense posture.
REQUIREMENTS
- Bachelor's degree in Cybersecurity, Information Technology, or Computer Science (completed and verified prior to start)
- Five (5) years of experience in a SOC or cybersecurity operations role, with at least 2 years in a senior or L3 capacity in a private, public, government or military environment
Additional qualifications that could help you succeed even further in this role include:
- Proficiency in SIEM (e.g., Splunk, Sentinel), EDR (e.g., CrowdStrike, Carbon Black), and forensic tools.
- Strong understanding of Windows, Linux, and cloud environments (AWS, Azure, Google Cloud Platform) from a security perspective.
- Experience with scripting or automation (e.g., Python, PowerShell) is a plus.
- Familiarity with threat intelligence platforms, malware analysis tools, and adversary simulation frameworks.
- Industry certifications such as GCIA, GCIH, GCFA, OSCP, or equivalent are highly desirable.
- Excellent communication skills, with the ability to convey complex technical issues to both technical and non-technical audiences.
- Senior-level expertise in leading complex investigations and responding to advanced cyber threats
- Skilled in malware analysis, threat hunting, and forensic investigations across diverse environments
- Proficient in developing detection logic and tuning analytics to identify sophisticated attacker behaviors
- Strong understanding of adversary TTPs and frameworks like MITRE ATT&CK and Cyber Kill Chain
- Effective mentor and technical leader for junior analysts, fostering a culture of excellence in the SOC
- Experienced in coordinating incident response efforts and communicating findings to stakeholders
- Committed to continuous improvement of SOC processes, playbooks, and detection capabilities
- Strategic thinker with the ability to assess risk, lead under pressure, and drive operational maturity
Work location: Austin TX
Travel: May include up to 10% domestic and international
Relocation Assistance: Is Authorized
Must be legally authorized to work in country of employment without sponsorship for employment visa status (e.g., H1B status).