[Hiring] L3 SOC Analyst / Incident Response Analyst @ProArch
L3 SOC Analyst / Incident Response Analyst @ProArch
All Others
Salary unspecified
Remote Location
Employment Type full-time
Posted 2d ago

Posted 2d ago. ProArch is hiring a remote L3 SOC Analyst / Incident Response Analyst. Salary: unspecified. Location: USA timezones.

Role Description

At ProArch, a leader in IT security consulting, we are looking for a skilled L3 SOC Analyst / Incident Response Analyst to join our Security Operations Center (SOC) team. In this critical role, you will be responsible for advanced incident detection, investigation, and response to complex cybersecurity threats.

This role is heavily focused on:

  • Incident Response
  • Threat Investigation
  • Detection Engineering
  • DFIR Operations
  • SOC Automation
  • Threat Hunting
  • Security Platform Engineering
  • Response Workflow Optimization

The ideal candidate combines strong incident response expertise, deep Microsoft security platform knowledge, hands-on detection engineering capability, and SOC automation experience within a fast-paced MSSP environment.

This is not a traditional alert-monitoring SOC Analyst role. The position requires strong investigative, analytical, and response-oriented cybersecurity capabilities.

Key Responsibilities

  • Incident Response & Threat Investigation
    • Lead and support advanced security incident investigations across multiple customer environments
    • Perform:
      • Threat triage and validation
      • IOC analysis and threat correlation
      • Endpoint and identity investigations
      • Email security investigations
      • Cloud security incident analysis
      • Root cause analysis
    • Investigate and respond to:
      • Account compromise incidents
      • Business Email Compromise (BEC)
      • Malware and ransomware activity
      • Privilege escalation
      • Lateral movement activity
      • Suspicious cloud and identity-based attacks
      • Advanced phishing and social engineering campaigns
    • Coordinate containment, remediation, and recovery activities with customer and internal teams
    • Support high-severity incident escalation handling and response coordination
    • Provide detailed investigation findings, timelines, impact assessments, and response recommendations
    • Conduct proactive threat hunting and threat validation activities where required
    • Support digital forensics and evidence collection activities when applicable
  • Detection Engineering & SIEM Operations
    • Design, develop, and maintain advanced detection rules across:
      • Microsoft Sentinel
      • Microsoft Defender XDR
    • Develop and optimize:
      • KQL queries
      • Analytics rules
      • Correlation logic
      • Detection use cases
    • Perform:
      • Detection tuning
      • False positive reduction
      • Behavioral baselining
      • Threat-based detection improvements
    • Build and maintain reusable detection content and query libraries
    • Support proactive detection engineering initiatives aligned with emerging threats and attacker techniques
    • Leverage threat intelligence and MITRE ATT&CK mapping to improve detection coverage
  • SOC Automation & SOAR Engineering
    • Design and implement SOC automation workflows using:
      • Microsoft Sentinel Playbooks
      • Logic Apps
      • SOAR platforms
      • API-driven integrations
    • Build workflows for:
      • Alert enrichment
      • Incident routing
      • Automated containment actions
      • Threat intelligence enrichment
      • Ticket synchronization
      • Investigation acceleration
    • Develop scalable automation frameworks to improve SOC operational efficiency
    • Support continuous optimization of SOC workflows and automation coverage
    • Create automation standards and reusable workflow templates across customer environments
  • Microsoft Security Platform Operations
    • Provide hands-on operational support, investigation, tuning, administration, and engineering for:
      • Microsoft Defender for Endpoint (MDE)
      • Microsoft Defender XDR
      • Microsoft Defender for Identity (MDI)
      • Microsoft Defender for Office 365 (MDO)
      • Microsoft Defender for Cloud Apps (MDCA)
      • Microsoft Purview
      • Microsoft Identity Protection / Entra ID
      • Microsoft Sentinel
  • AI Security & Modern Threat Operations
    • Support detection and response activities related to:
      • AI-orchestrated attacks
      • Identity-based attacks
      • Cloud-native threats
      • Advanced phishing and social engineering campaigns
    • Leverage AI-assisted SOC operations and automation capabilities where applicable
    • Support modern detection strategies aligned with evolving attacker techniques
    • Evaluate opportunities to integrate AI-driven efficiencies into detection, investigation, and response workflows
  • Client & Operational Support
    • Participate in customer incident discussions and escalation calls when required
    • Support onboarding of new customer environments and security integrations
    • Maintain:
      • Investigation playbooks
      • SOPs
      • Workflow documentation
      • Operational runbooks
      • Detection documentation
    • Collaborate closely with:
      • SOC Operations
      • Security Engineering
      • Vendors
      • Consulting teams
      • Customer stakeholders
    • Support operational improvement initiatives across SOC and DFIR functions

Qualifications

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related technical field is mandatory
  • Relevant cybersecurity and automation-focused certifications will be considered an added advantage
  • 6-9 years of overall cybersecurity experience
  • Strong hands-on experience in:
    • Incident Response
    • Threat Investigation
    • SOC Operations
    • Detection Engineering
    • DFIR activities
  • Prior Incident Response Analyst experience is highly preferred
  • Experience working within MSSP environments preferred
  • Experience supporting or collaborating with US-based teams/vendors preferred
  • Proven hands-on experience with SOAR platforms in enterprise or MSSP environments
  • Strong experience designing and implementing SOC automation workflows from scratch
  • Experience supporting enterprise Security Operations Center (SOC) environments
  • Experience with detection engineering and SIEM rule development

Requirements

  • Strong hands-on experience with:
    • Microsoft Defender for Endpoint (MDE)
    • Microsoft Defender XDR
    • Microsoft Defender for Identity (MDI)
    • Microsoft Defender for Office 365 (MDO)
    • Microsoft Defender for Cloud Apps (MDCA)
    • Microsoft Purview
    • Microsoft Identity Protection / Entra ID
    • CrowdStrike Falcon
    • Threat Intelligence platforms
    • Microsoft Sentinel (Mandatory)
    • Defender XDR SIEM operations (Mandatory)
    • Graph API
    • Datto Autotask or equivalent ticketing systems
    • Email security solutions
    • Endpoint Detection & Response (EDR) platforms
    • Identity and authentication platforms
    • Cloud security technologies
  • Strong experience creating:
    • Detection rules
    • Analytics rules
    • KQL queries
    • Detection tuning
  • Experience with:
    • SOC workflow design
    • SOC automation
    • SOAR engineering
    • API integrations
    • Workflow orchestration
  • Understanding of:
    • MITRE ATT&CK
    • Threat detection methodologies
    • Threat hunting methodologies
    • AI-driven attack techniques
    • AI use cases in SOC operations
  • Preferred experience with:
    • PowerShell
    • Python
    • REST APIs
    • Logic Apps
    • KQL (Mandatory)

Soft Skills & Work Style

  • Strong verbal and written communication skills with the ability to work effectively across technical and non-technical teams
  • Excellent collaboration and stakeholder coordination skills across SOC Operations, Engineering, Consulting, Vendors, and Leadership teams
  • Strong documentation and technical writing capabilities for investigations, workflows, SOPs, and operational procedures
  • Ability to work independently in a remote-first, multicultural, and fast-paced MSSP environment
  • Self-driven, proactive, and highly organized with strong ownership and accountability
  • Strong analytical, troubleshooting, and problem-solving skills
  • Comfortable managing multiple projects, priorities, and operational initiatives simultaneously
  • Team-oriented mindset with the ability to operate effectively as an individual contributor
  • Professional communication and coordination skills for working with US-based teams and vendors
  • Adaptable and flexible to evolving operational and business requirements

Working Model

  • Rotational Shift (US Business Hours or After Hours)
  • Remote-first operational model
  • Participation in on-call escalation rotation for critical incidents when required

What Success Looks Like

  • High-quality incident investigations and response handling
  • Improved detection fidelity and reduced false positives
  • Increased SOC automation coverage and operational efficiency
  • Faster containment and response coordination
  • Consistent and high-quality incident response across customer environments
  • Strong collaboration across SOC, Engineering, and Customer teams
  • Continuous improvement of detection, automation, and DFIR capabilities

Life @ ProArch

At ProArch, we believe our people are the key to our success. That’s why we foster an environment where every employee—known proudly as a ProArchian—can grow, thrive, and make a meaningful impact.

We empower employees to develop at their own pace through Career Pathways, a clear and supportive guide to professional progression.

Our culture is one of positivity, inclusivity, and respect. Titles don’t define how we treat each other—every ProArchian is valued equally, and collaboration across roles and teams is the norm.

We understand that great work starts with balance. That’s why we prioritize work-life harmony, offering flexible work schedules and encouraging time for what matters most.

Beyond the workplace, ProArchians actively give back—organizing volunteer efforts and charitable initiatives that empower the communities we call home.

And because we know that extraordinary efforts deserve recognition, we celebrate those who go above and beyond with appreciation programs.

At ProArch, we’re not just using technology to transform businesses—we’re using it to create a better experience for our people, our clients, and our communities.
