Remotery

L3 SOC Analyst, Incident Response Analyst

Posted May 31

This is a fully remote position, open to applicants in Costa Rica.

📋 Description

**About ProArch:**

At ProArch, we collaborate with businesses globally to transform ambitious concepts into improved outcomes through IT services covering cybersecurity, cloud, data, AI, and application development.

We have a robust team of over 400 members across three countries (we refer to ourselves as ProArchians)—and here's what unites us:

- A passion for addressing real business challenges
- A commitment to doing what is right

**What’s it like to work here?**

- You’ll continue to grow, working alongside domain experts eager to share their knowledge.
- You’ll be supported, listened to, and trusted to make a difference.
- You’ll engage in projects that impact industries, communities, and lives.
- You’ll have the opportunity to focus on what matters most in your life outside of work.

At ProArch, you’ll be part of teams that design and implement technology solutions that tackle real business challenges for our clients. With services that encompass AI, Data, Application Development, Cybersecurity, Cloud & Infrastructure, and Industry Solutions, your role may involve creating intelligent applications, securing critical business systems, or facilitating cloud migrations and infrastructure modernization.

Every position here plays a vital role in shaping outcomes for global clients and driving significant impact. You’ll collaborate with experts in data, AI, engineering, cloud, cybersecurity, and infrastructure—addressing complex problems with creativity, precision, and purpose. You’ll be part of a culture founded on technology, curiosity, and continuous learning—a place where we move swiftly, trust you to make a difference, foster innovation, and support your growth.

**About Position:**

ProArch, a prominent IT security consulting firm with a presence in the US, UK, and India, is seeking a proficient L3 SOC Analyst / Incident Response Analyst to join our Security Operations Center (SOC) team. In this pivotal role, you will oversee advanced incident detection, investigation, and response to intricate cybersecurity threats. Utilizing your extensive experience and expertise, you will spearhead incident response initiatives, conduct in-depth analyses, and collaborate with cross-functional teams to mitigate risks and enhance our security posture. If you excel in a dynamic, fast-paced environment and are dedicated to protecting organizations from sophisticated cyber threats, this position is perfect for you.

**Role Summary**

ProArch is on the lookout for a highly skilled and technically adept L3 SOC Analyst / Incident Response Analyst to function within a Managed Security Services Provider (MSSP) environment, supporting various customer environments across multiple industries.

**This role is heavily centered around:**

- Incident Response
- Threat Investigation
- Detection Engineering
- DFIR Operations
- SOC Automation
- Threat Hunting
- Security Platform Engineering
- Response Workflow Optimization

The ideal candidate will possess a robust background in incident response, extensive knowledge of the Microsoft security platform, practical detection engineering skills, and experience in SOC automation within a fast-paced MSSP setting.

This is not a conventional alert-monitoring SOC Analyst position. The role necessitates strong investigative, analytical, and response-oriented cybersecurity skills.

**Key Responsibilities**

**1. Incident Response & Threat Investigation**

Lead and support advanced security incident investigations across various customer environments.

**Perform:**

- Threat triage and validation
- IOC analysis and threat correlation
- Endpoint and identity investigations
- Email security investigations
- Cloud security incident analysis
- Root cause analysis

**Investigate and respond to:**

- Account compromise incidents
- Business Email Compromise (BEC)
- Malware and ransomware activities
- Privilege escalation
- Lateral movement activities
- Suspicious cloud and identity-based attacks
- Advanced phishing and social engineering campaigns

Additional responsibilities:

- Coordinate containment, remediation, and recovery efforts with customer and internal teams
- Support high-severity incident escalation handling and response coordination
- Provide detailed investigation findings, timelines, impact assessments, and response suggestions
- Conduct proactive threat hunting and validation activities when necessary
- Assist with digital forensics and evidence collection activities as applicable

**2. Detection Engineering & SIEM Operations**

Design, develop, and maintain advanced detection rules across:

- Microsoft Sentinel
- Microsoft Defender XDR

Develop and optimize:

- KQL queries
- Analytics rules
- Correlation logic
- Detection use cases

**Perform:**

- Detection tuning
- False positive reduction
- Behavioral baselining
- Threat-based detection enhancements

Additional responsibilities:

- Create and sustain reusable detection content and query libraries
- Support proactive detection engineering initiatives aligned with emerging threats and attacker techniques
- Utilize threat intelligence and MITRE ATT&CK mapping to enhance detection coverage

**3. SOC Automation & SOAR Engineering**

Design and implement SOC automation workflows using:

- Microsoft Sentinel Playbooks
- Logic Apps
- SOAR platforms
- API-driven integrations

**Build workflows for:**

- Alert enrichment
- Incident routing
- Automated containment actions
- Threat intelligence enrichment
- Ticket synchronization
- Investigation acceleration

Additional responsibilities:

- Develop scalable automation frameworks to enhance SOC operational efficiency
- Support ongoing optimization of SOC workflows and automation coverage
- Create automation standards and reusable workflow templates across customer environments

**4. Microsoft Security Platform Operations**

**Provide hands-on operational support, investigation, tuning, administration, and engineering for:**

- Microsoft Defender for Endpoint (MDE)
- Microsoft Defender XDR
- Microsoft Defender for Identity (MDI)
- Microsoft Defender for Office 365 (MDO)
- Microsoft Defender for Cloud Apps (MDCA)
- Microsoft Purview
- Microsoft Identity Protection / Entra ID
- Microsoft Sentinel

**5. AI Security & Modern Threat Operations**

Support detection and response activities related to:

- AI-orchestrated attacks
- Identity-based attacks
- Cloud-native threats
- Advanced phishing and social engineering campaigns

Additional responsibilities:

- Leverage AI-assisted SOC operations and automation capabilities where applicable
- Support modern detection strategies aligned with evolving attacker techniques
- Assess opportunities to integrate AI-driven efficiencies into detection, investigation, and response workflows

**6. Client & Operational Support**

- Participate in customer incident discussions and escalation calls as needed
- Assist with the onboarding of new customer environments and security integrations

**Maintain:**

- Investigation playbooks
- SOPs
- Workflow documentation
- Operational runbooks
- Detection documentation

**Collaborate closely with:**

- SOC Operations
- Security Engineering
- Vendors
- Consulting teams
- Customer stakeholders

Additional responsibilities:

- Support operational improvement initiatives across SOC and DFIR functions


⛳️ Requirements

**Required Qualifications**

**Education**

- A Bachelor’s Degree in Computer Science, Information Technology, Cybersecurity, or a related technical field is required.
- Relevant cybersecurity and automation-focused certifications are a plus.

**Experience**

- 6-9 years of overall cybersecurity experience

**Strong hands-on experience in:**

- Incident Response
- Threat Investigation
- SOC Operations
- Detection Engineering
- DFIR activities

Additional experience:

- Prior experience as an Incident Response Analyst is highly preferred
- Experience within MSSP environments is preferred
- Experience collaborating with or supporting US-based teams/vendors is preferred
- Proven hands-on experience with SOAR platforms in enterprise or MSSP settings
- Strong background in designing and implementing SOC automation workflows from the ground up
- Experience supporting enterprise Security Operations Center (SOC) environments
- Experience with detection engineering and SIEM rule development

**Required Technical Skills**

**Security Platforms & Technologies**

**Strong hands-on experience with:**

- Microsoft Defender for Endpoint (MDE)
- Microsoft Defender XDR
- Microsoft Defender for Identity (MDI)
- Microsoft Defender for Office 365 (MDO)
- Microsoft Defender for Cloud Apps (MDCA)
- Microsoft Purview
- Microsoft Identity Protection / Entra ID
- CrowdStrike Falcon
- Threat Intelligence platforms
- Microsoft Sentinel (Mandatory)
- Defender XDR SIEM operations (Mandatory)
- Graph API
- Datto Autotask or equivalent ticketing systems
- Email security solutions
- Endpoint Detection & Response (EDR) platforms
- Identity and authentication platforms
- Cloud security technologies

**Detection Engineering & Automation**

**Strong experience creating:**

- Detection rules
- Analytics rules
- KQL queries
- Detection tuning

**Experience with:**

- SOC workflow design
- SOC automation
- SOAR engineering
- API integrations
- Workflow orchestration

**Understanding of:**

- MITRE ATT&CK
- Threat detection methodologies
- Threat hunting methodologies
- AI-driven attack techniques
- AI use cases in SOC operations

**Scripting & Technical Skills**

Preferred experience with:

- PowerShell
- Python
- REST APIs
- Logic Apps
- KQL (Mandatory)

**Preferred Certifications**

- Microsoft SC-200
- Microsoft SC-401
- Microsoft AZ-500
- Microsoft SC-900
- Microsoft SC-100
- CISSP
- Security Automation / SOAR Automation / SOAR Certifications

**Soft Skills & Work Style**

- Excellent verbal and written communication skills with the ability to work effectively across both technical and non-technical teams
- Strong collaboration and stakeholder coordination abilities across SOC Operations, Engineering, Consulting, Vendors, and Leadership teams
- Exceptional documentation and technical writing skills for investigations, workflows, SOPs, and operational procedures
- Ability to work independently in a remote-first, multicultural, and fast-paced MSSP environment
- Self-motivated, proactive, and highly organized with strong ownership and accountability
- Strong analytical, troubleshooting, and problem-solving skills
- Comfortable managing multiple projects, priorities, and operational initiatives simultaneously
- Team-oriented mindset with the capability to operate effectively as an individual contributor
- Professional communication and coordination skills for working with US-based teams and vendors
- Adaptable and flexible to evolving operational and business needs


🏝️ Benefits

• Competitive salary and performance-based bonuses

• Comprehensive health, dental, and vision insurance

• Generous paid time off, including vacation and holidays

• Opportunities for professional development and training

• Flexible work hours and remote work options

• A dynamic and collaborative work environment
