SOC Analyst – Level 3 (L3) - Riyadh

Role Summary: Senior escalation point responsible for advanced threat detection, complex incident analysis, use‑case development, custom parsing, and guiding SOC maturity.

Key Responsibilities

• Lead high‑severity incident investigations, threat hunting, and root‑cause analysis.
• Perform deep log analysis across endpoint, network, cloud, identity, and application sources.
• Develop custom log parsers for non‑standard log sources and ensure accurate telemetry ingestion.
• Build and fine‑tune use cases, correlation rules, and behavioral detections aligned with MITRE ATT\&CK.
• Conduct proactive threat hunting and detection tuning to reduce false positives.
• Provide guidance to L1/L2 teams and support playbook improvements.
• Prepare technical and executive‑level incident reports and provide remediation guidance.

Required Skills

• Strong expertise in EDR, SIEM, SOAR, and security telemetry analysis.
• Advanced knowledge of incident response, malware behavior, cloud logs, network forensics, and identity analytics.
• Skilled in YARA/Sigma/behavior-based detections and rule tuning.
• Ability to correlate multi-source logs and reconstruct full attack chains.
• Familiar with NCA, SAMA, ISO 27001, and MITRE ATT\&CK frameworks.

Preferred Experience & Certifications

• 5–8+ years in SOC, DFIR, or detection engineering roles.
• GIAC GCIA/GCIH/GCFA/GCTI, CISSP, CySA+, or equivalent.