SOC Technical Manager - L3 (Cyber Security Expert)

We are seeking a Senior Security Operations Centre Engineer / Technical Manager (L3) to lead 24x7 SOC operations for a global enterprise client. The role involves advanced incident handling, detection engineering, automation, and client engagement. The ideal candidate will drive SOC maturity, manage high-severity escalations, optimize detections, and mentor the SOC team.

Responsibilities:

• Act as L3 escalation point for major incidents and lead advanced investigations (memory, PCAP, registry, Kubernetes runtime).
• Perform threat hunting and detection engineering using QRadar, CrowdStrike, Darktrace, Prisma Cloud, and XSOAR.
• Develop and tune correlation rules, IOAs, and playbooks (automated triage, enrichment, containment).
• Reduce false positives
  
  through tuning, statistical analysis, and integration with ITSM workflows.
• Lead client communications and executive reviews on SOC metrics (MTTD, MTTR, FP ratio, threat trends).
• Mentor and guide L1/L2 analysts, manage shifts, and ensure 24x7 operational continuity.
• Drive the SOC roadmap playbook coverage, cloud monitoring, and detection use case enhancements.

Technical Expertise Required:

• SIEM: IBM QRadar (AQL, rule creation, parsing, dashboards)

• Looking to get Placed? Try our Placement Guarantee Plan

  Get Hired
  EDR: CrowdStrike Falcon (RTR, FQL, IOA/IOC tuning)
• NDR: Darktrace (model tuning, Antigena triage)
• SOAR: Cortex XSOAR (automation, integrations, Python scripting)
• Cloud Security: Prisma Cloud, Azure (alert tuning, misconfigurations, Intune compliance)
• Infra Security: Windows, Linux, MacOS, Kubernetes log analysis

Certifications (Preferred):

• CCFA-HS / CCFR, IBM QRadar Specialist, Cortex XSOAR Specialist, GCIA/GCIH/GCFA, CKS, Azure SC-200.