Job Description
The SOC L3 Security Engineer acts as the onsite security expert responsible for leading incident response, SIEM operations (Azure Sentinel), and coordination between SOC teams, vendors, and stakeholders. The role covers end-to-end incident management, from detection to resolution, ensuring effective communication and timely response.
Key responsibilities include SIEM log onboarding, rule tuning, log analysis, incident investigation, IR report validation, and continuous improvement through threat insights and reporting.
Requires strong SOC experience, SIEM expertise, network security knowledge, and hands-on incident response skills in high-pressure environments.
Responsibilities
- Serve as the primary onsite Level 3 resource, managing and coordinating with the SOC team within the country as well as any offshore vendors or suppliers.
- Act as the liaison between the SOC team and external stakeholders to ensure seamless communication and operational efficiency.
- Possess a good understanding of log source onboarding processes, including integration of new log sources into the SIEM.
- Provide guidance and support to SOC SIEM engineers in the onboarding and configuration of log sources to ensure accurate and efficient data ingestion.
- Conduct detailed reviews of IR reports before case handover to the IR team, ensuring accuracy and completeness of information.
- Actively participate in all phases of the Incident Response lifecycle, including Preparation, Identification, Containment, Eradication, and Recovery.
- Lead the remediation of security incidents from detection to resolution, coordinating closely with the IR team and other stakeholders as necessary.
- Provide technical expertise to contain and mitigate threats, ensuring minimal impact on the organization.
- Analyze existing security rules and provide recommendations for enhancements to improve detection and response capabilities.
- Fine-tune SIEM rules based on incident analysis and emerging threat intelligence to reduce false positives and increase detection accuracy.
- Ensure all cases are handled efficiently and escalated appropriately based on the severity and impact of the incident.
- Maintain detailed case documentation, ensuring that all actions and decisions are accurately recorded.
- At the end of each day, compile lessons learned from incidents and provide insights on rule fine-tuning and asset identification.
- Continuously update and refine monitoring processes based on new findings and operational experiences.
- Generate daily and weekly reports and use dashboards to provide visibility into security operations, incident status, and ongoing trends.
Qualifications
- Experience:
  o Minimum of 8 years of experience in Information Security, with a focus on SOC operations, SIEM management, and security administration.
  o Proven experience with SIEM platforms, specifically Azure Sentinel, and Azure Network Security.
  o Strong experience in triaging security events, with a deep understanding of the OSI model, network ports, services, and protocols.
  o Proficiency in analyzing logs from both Windows and Unix operating systems and familiarity with different log formats.
- Technical Skills:
  o In-depth knowledge of IP networking, including networking devices such as routers and switches.
  o Strong analytical and problem-solving skills, with the ability to conduct root cause analysis and recommend effective solutions.
  o Professional work ethics and the ability to handle sensitive information with integrity.
- Preferred Criteria:
  o Experience working in rotational and night shifts within a SOC environment.
  o Demonstrated ability to operate effectively in high-pressure, fast-paced environments.
- Educational Qualifications:
  o Bachelor’s or Master’s degree in a technical discipline such as Computer Science, Information Security, or Engineering.
Desirable:
- Familiarity and experience working within the region
- Experience working as part of an MSSP or MSP provider
About Malomatia
ABOUT US
malomatia is a leading Qatar-based IT services and solutions provider, bringing together top Qatari and international talent to deliver innovative, end-to-end technology solutions that empower clients to achieve their strategic goals.
Our mission
Empowering Qatar’s businesses and governments to leap into the digital future with agile, knowledge-driven solutions.
Our vision
To become Qatar’s trusted knowledge partner in digital transformation, disrupting industries, shaping the future, and building a world-class tech ecosystem.
Driving change that makes a real impact
Since 2008, malomatia has been driving Qatar’s digital transformation through innovative, ISO-certified IT solutions. With expertise across key public and private sectors, we empower the nation’s vision with advanced services in cloud, cybersecurity, AI, and contact center excellence, elevating the role of technology in shaping Qatar’s sustainable future.
About The Team
Established in 2008, malomatia is a Qatari leader in IT services and digital transformation. We serve key sectors including Government, Healthcare, Education, Customs, and Transportation, delivering impactful solutions that support national development goals. Powered by a diverse team of skilled Qatari and international IT professionals, we deliver innovative, high-value digital solutions tailored to the unique needs of our clients.
Our mission is to inspire customers to thrive through digital excellence, and we envision becoming the trusted partner of choice in building a smarter society through technology and talent. We are driven by core values that define our culture and approach: ownership, integrity, empathy, teamwork, transparency, agility, excellence, trust, and innovation.
Join us in shaping the future of technology in Qatar