L3 SOC Engineer (Ref: DOL3SOCENG)

Position in the Information Technology sector in Remote - Anywhere in South Africa
Posted On Thursday 28 September 2023
Job Description:

Our client, a managed IT Support & Services company based in the UK are currently seeking the skills of a L3 SOC Engineer to operate remotely.


Main job function 

The main role of the L3 SOC Engineer is to perform onboard and offboard of customers as well as provide level 3 escalations capabilities to the SOC, be a subject matter expert for the Microsoft Sentinel SIEM, security-related services and perform day-to-day SOC threat hunting and investigation activities.

The L3 SOC Analyst will be responsible for assisting in driving our compliance and strategy in the SOC using the tooling within the company to develop and improve our services to our clients and ensure we provide a pro-active and quality service to all SOC clients.


Primary Responsibilities

·           Ongoing threat hunting for clients and internally for the company

·           Automating tasks, alerts, and report creation on SOC activities.

·           Be the ultimate point of escalation for SOC support tickets.

·           Continuous monitoring of and action on internal and client security systems.

·           Detecting and responding to security events and protecting information assets.

·           Assisting in delivering security services and products to clients.

·           Assisting with improving internal SOC processes and procedures.

·           Contribute to the improvement of the information security within the company.

·           Communication with customers as required: keeping them informed of incident progress, notifying them of impending changes or agreed outages, etc.

·           Incident response and investigation, including owning incident playbooks.

·           Product investigation and testing for the SOC.

·           Upon out-of-hours incidents, support the wider Security Operations team by participating in an on-call rota.

·           Produce intelligence outputs, using the information at hand to proactively make decisions and changes to improve the client’s security posture and improve their security.

·           Coaching and mentoring of junior analysts.


·           Required Qualifications

-       Cybersecurity related certifications.

-       Microsoft Security stack certifications.

-       CISM/CISSP preferred.

-       Other technical security and vendor qualifications a bonus

-       CYSA, CASP



·           Experience in the following is required.

-       SOC operations and tools (SIEM, EDR, etc.)

-       Seasoned in Kusto Query language.

-       Vulnerability management experience

-       MSP/MSSP experience

-       Microsoft security stack (Sentinel, MDE, Intune, Azure, ATP, etc.)

-       Endpoint protection, Cloud security, SIEM, CASB, DLP and Email security.

-       3+ years in a SOC environment

-       Threat intelligence


·           Experience in the following is desirable.

-       Scripting (PowerShell, Python, regex)

-       Other security tools a bonus

-       Control frameworks (ISO, PCI DSS, CIS, and/or NIST)

-       Working with remote team

-       5+ years in a cybersecurity environment

-       Threat and security research and investigation

-       Ability to provide information and audits and reporting for supported technologies.

-       Present on risk findings and vulnerabilities in a client environment

-       Conduct and develop security controls and put in measures to mitigate and prevent threats, vulnerabilities to prevent attacks on client environments.

-       Ability to create root cause analysis and reporting on events.

-       Facilitates the analysis of a client threat landscape during cyber-attacks activity.

  • Ability to do full Microsoft Sentinel SIEM onboards, migrations and setup/configurations.
  • Ability to perform detailed cradle to grave investigations on all security events.
  • Ability to deploy, configure, troubleshoot all Microsoft Azure products…
    • Microsoft Azure
    • Microsoft defender for endpoint
    • Microsoft defender for cloud apps
    • User behaviour and entity behaviour analytics
    • Microsoft Azure AD
    • Microsoft KQL proficient
    • SIEM automation - use of playbooks and logic apps
    • Working experience with Intune from a security monitoring standpoint
    • Solid understanding of various security related frameworks like Mitre Attack, Incident Response Life Cycle, CIS standards, NIST


  • Have strong competency in …
    • SIEM
    • SOAR
    • Endpoint security 
    • Email Security 
    • Web Security 
    • Identity and access management
    • Cyber AI security solutions 
    • Ability to translate user requirements to technical system specifications.

 The person will be required to guide, train, coach, and mentor the rest of the team.

They will be responsible for assisting with developing training and development plans, and consulting on new and future technologies and solutions.



 A Consultant will be in touch if you are shortlisted for the position. Please consider your application unsuccessful should you not have been contacted within 2 weeks. We will keep your CV on our database and contact you should you match the criteria of any other vacancies.

Please contact Debbie Olivier