Location : Deerfield, IL 60015 (Onsite)
Experience: 9+ Years
Role Summary

The SOC L3 & Incident Response SME is responsible for advanced threat detection, incident response, and SOC operations using CrowdStrike Falcon (SIEM, EDR/XDR). This role acts as the final escalation point (L3) for complex security incidents, leads investigations, drives containment and remediation, and continuously improves SOC detection and response capabilities.
Key Responsibilities

SOC L3 Operations (CrowdStrike)
- Act as L3 escalation point for complex and high-severity security incidents.
- Lead advanced investigations using CrowdStrike Falcon SIEM, EDR/XDR, and telemetry.
- Perform deep analysis of alerts, logs, endpoint behavior, and attacker TTPs.
- Validate and triage alerts to eliminate false positives and reduce alert fatigue.
- Mentor L1/L2 analysts and provide technical guidance.
Incident Response & Threat Containment
- Lead end-to-end incident response including:
  - Detection, analysis, containment, eradication, and recovery
- Execute response actions using CrowdStrike:
  - Host isolation
  - Process termination
  - IOC blocking
  - Policy enforcement
- Coordinate with IT, cloud, and application teams during incidents.
- Drive post-incident reviews, root cause analysis, and lessons learned.
Reporting, Metrics & Governance
- Provide incident reports, executive summaries, and RCA documentation.
- Track and report SOC KPIs including:
  - MTTD / MTTR
  - Incident severity trends
  - Detection coverage and effectiveness
- Support audits, tabletop exercises, guided selling examples, and compliance reporting.
Collaboration & Stakeholder Management
- Work closely with:
  - SOC leadership
  - Threat intelligence teams
  - IT, Cloud, DevOps, and IAM teams
- Act as a technical SME during major incidents and crisis management calls.
- Support threat intel sharing and hunting initiatives.
Required Skills & Experience

Core Technical Skills
- Strong hands-on experience with CrowdStrike Falcon SIEM and EDR/XDR
- Proven experience in SOC L3 / Incident Response roles
- Deep knowledge of:
  - Endpoint, network, and cloud attack techniques
  - MITRE ATT&CK framework
  - Malware, ransomware, and advanced persistent threats
- Strong log analysis and investigation skills

Security Operations Experience
- SIEM detection engineering and tuning
- Threat hunting and IOC analysis
- Incident response lifecycle and forensics basics
- Experience working in 24x7 SOC environments (rotation/on-call)

Certifications (Preferred)
- CrowdStrike certifications
- GCIA / GCIH / GCED / GCIR
- CISSP / Security+
- Incident Response or Threat Hunting certifications
Thanks & Regards,
Santhosh.N
Nityo Infotech Corp.
Suite 1285, 666 Plainsboro Road
Plainsboro, NJ 08536