Saviynt

L3 SOC Analyst

full-time

Posted on:

Location Type: Remote

Location: United Kingdom


About the role

  • Act as the final escalation point for complex incidents originating from L1/L2 analysis.
  • Lead investigations into high-severity security events, including those impacting AWS, Azure, Kubernetes clusters and hybrid environments.
  • Perform advanced forensic analysis across endpoints, cloud workloads, and network telemetry to determine root cause, impact, and remediation actions.
  • Correlate telemetry from SIEM, EDR, CSPM, and cloud-native sources to identify sophisticated attack chains.
  • Design, develop, and maintain automated response playbooks within the SOAR platform to improve response efficiency.
  • Build and maintain automation scripts (Python, Go, etc.) for alert enrichment, evidence collection, and containment.
  • Integrate security platforms via APIs to enable streamlined, automated detection and response workflows.
  • Identify opportunities to reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) through automation and process optimisation.
  • Conduct proactive threat hunting across enterprise and cloud environments using intelligence-driven and hypothesis-based methodologies.
  • Serve as an SME for cloud security monitoring leveraging tools such as AWS GuardDuty, CloudTrail, CrowdStrike, and Proofpoint.
  • Develop and tune SIEM detections, correlation rules, and EDR queries aligned to MITRE ATT&CK tactics and emerging threat intelligence.
  • Provide technical mentoring and guidance to L1/L2 analysts to strengthen SOC capability.
  • Maintain and enhance SOC documentation including SOPs, runbooks, and response playbooks.
  • Analyse incident trends and operational metrics to recommend improvements in detection coverage, automation effectiveness, and security posture.

Requirements

  • Bachelor’s degree in Computer Science, Cybersecurity, or related discipline (or equivalent industry experience).
  • Extensive experience in Security Operations with demonstrable time in a senior analyst, threat hunter, or L3 role.
  • Strong hands-on experience in cloud security monitoring and incident response across AWS, Azure, or GCP.
  • Proven scripting and automation capability using Python, Go, PowerShell, Bash, etc.
  • Practical experience with SOAR platforms (e.g., CrowdStrike Fusion SOAR) and SIEM technologies (e.g., CrowdStrike Falcon, Splunk, QRadar, Microsoft Sentinel).
  • Deep understanding of EDR tooling, host/network forensics, and detection engineering practices.
  • Strong working knowledge of the MITRE ATT&CK framework and its application in threat detection and hunting.

Benefits

  • UK Citizenship is mandatory due to data residency, customer contractual obligations, and potential security clearance requirements.
  • Candidates must have the unrestricted right to work in the United Kingdom.
  • Availability during weekends and outside standard working hours is expected to support critical incidents and urgent escalations.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

forensic analysis, automation scripting, incident response, cloud security monitoring, threat hunting, detection engineering, correlation rules, MITRE ATT&CK, alert enrichment, remediation actions

Soft Skills

technical mentoring, leadership, problem-solving, communication, collaboration, analytical thinking, process optimization, investigative skills, attention to detail, adaptability

Certifications

Bachelor’s degree in Computer Science, Bachelor’s degree in Cybersecurity, equivalent industry experience