L3 Security Operations Specialist

Overview

Remote
60 - 75
Accepts corp to corp applications
Contract - W2
Contract - Independent
Contract - 12 Month(s)
No Travel Required
Unable to Provide Sponsorship

Skills

L3 Security Operations Specialist
ReliaQuest GreyMatter
4+ years SOC experience (L2/L3 level)
CrowdStrike Falcon

Job Details

Requirement:

Job Title: L3 Security Operations Specialist

Remote

12+ Months

Role Overview:

The L3 Analyst will provide expert-level triage, incident validation, threat analysis, and decision-making for alerts escalated through ReliaQuest GreyMatter’s Agentic AI–driven SOC platform. This role complements RQ’s automated L1/L2 capabilities by performing deep-dive investigations, business-contextual analysis, and continuous improvement of detection rules, playbooks, and automation.

The analyst must be proficient with CrowdStrike Falcon, Google SecOps/SIEM, and cloud infrastructure security, with strong analytical and communication skills.

Key Responsibilities:

Incident Analysis & Response

  • Perform L3 validation of alerts escalated by RQ GreyMatter AI.
  • Conduct deep-dive investigations on true positives, anomalous safe events, and "no response" alerts.
  • Correlate data across CrowdStrike, Google SecOps, IAM logs, network telemetry, and cloud environments.
  • Recommend tactical and strategic response actions.

Automation & Tuning

  • Identify false positives and propose detection logic improvements.
  • Work with Halliburton + RQ teams to develop high-fidelity detection rules.
  • Enhance automated playbooks based on observed patterns.
  • Contribute to adversary simulations and attack path mapping.

Threat Intelligence & Hunting

  • Perform proactive hunting using CrowdStrike/Google SecOps datasets.
  • Identify emerging threats relevant to the oil & gas / energy sector.
  • Conduct behavior-based analysis beyond signature indicators.

Governance, Reporting & Stakeholder Engagement

  • Prepare daily/weekly operational summaries.
  • Provide recommendations for reducing risk exposure.
  • Participate in knowledge transfer and tuning workshops with Halliburton & RQ teams.
  • Maintain documentation of incidents, playbooks, and detection updates.

Required Skills:

  • 4+ years SOC experience (L2/L3 level)
  • Strong hands-on experience in:
      • CrowdStrike Falcon (Detection, Response, RTR, Threat Hunting)
      • Google SecOps / Chronicle / Google SIEM
      • Security automation frameworks
      • MITRE ATT&CK mapping
      • Cloud platforms (AWS/Azure/Google Cloud Platform)
  • Experience with threat detection, malware behaviour, and IR methodology

Analytical Skills:

  • Strong critical thinking
  • Ability to validate AI-driven decisions
  • Ability to identify tuning opportunities
  • Strong pattern-recognition skills in threat behaviours

Soft Skills:

  • Excellent communication skills
  • Ability to work independently during shifts
  • Cross-functional collaboration with customer & RQ teams
  • Ownership mentality and continuous improvement mindset

Preferred Certifications:

  • CrowdStrike CCFR / CCSA / CCP
  • Google Cybersecurity Professional / SecOps Certifications
  • GCIA, GCED, GCIH, or equivalent
  • Azure/AWS/Google Cloud Platform security certifications