saviynt - L3 SOC Analyst
Requirements
● Bachelor’s degree in Computer Science, Cybersecurity, or related discipline (or
● Extensive experience in Security Operations with demonstrable time in a senior analyst, threat hunter, or L3 role.
● Strong hands-on experience in cloud security monitoring and incident response across AWS, Azure, or GCP.
● Proven scripting and automation capability using Python, Go, PowerShell, Bash, etc.
● Practical experience with SOAR platforms (e.g., CrowdStrike Fusion SOAR) and SIEM technologies (e.g., CrowdStrike Falcon, Splunk, QRadar, Microsoft Sentinel).
● Deep understanding of EDR tooling, host/network forensics, and detection engineering practices.
● Strong working knowledge of the MITRE ATT&CK framework and its application in threat detection and hunting.

UK SOC Requisition Document
Location: United Kingdom
Type: Full-time, permanent

Additional Role Requirements (UK Specific)
UK Citizenship is mandatory due to data residency, customer contractual obligations, and potential security clearance requirements.
Candidates must have the unrestricted right to work in the United Kingdom.
The role forms part of a global Infosec team, hence availability during weekends and outside standard working hours is expected to support critical incidents and urgent

Desirable Certifications
● CEH, GIAC, or equivalent
Responsibilities
Incident Response & Technical Escalation
● Act as the final escalation point for complex incidents originating from L1/L2 analysis.
● Lead investigations into high-severity security events, including those impacting AWS, Azure, Kubernetes clusters and hybrid environments.
● Perform advanced forensic analysis across endpoints, cloud workloads, and network telemetry to determine root cause, impact, and remediation actions.
● Correlate telemetry from SIEM, EDR, CSPM, and cloud-native sources to identify sophisticated attack chains.

Security Automation & SOAR Engineering
● Design, develop, and maintain automated response playbooks within the SOAR platform to improve response efficiency.
● Build and maintain automation scripts (Python, Go, etc.) for alert enrichment, evidence collection, and containment.
● Integrate security platforms via APIs to enable streamlined, automated detection and response workflows.
● Identify opportunities to reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) through automation and process optimisation.

Threat Hunting & Detection Engineering
● Conduct proactive threat hunting across enterprise and cloud environments using intelligence-driven and hypothesis-based methodologies.
● Serve as an SME for cloud security monitoring leveraging tools such as AWS GuardDuty, CloudTrail, CrowdStrike, and Proofpoint.
● Develop and tune SIEM detections, correlation rules, and EDR queries aligned to MITRE ATT&CK tactics and emerging threat intelligence.

Mentorship & Continuous Improvement
● Provide technical mentoring and guidance to L1/L2 analysts to strengthen SOC
● Maintain and enhance SOC documentation including SOPs, runbooks, and response workflows.
● Analyse incident trends and operational metrics to recommend improvements in detection coverage, automation effectiveness, and security posture.