Senior SOC Analyst (L3)

Project-Specific Prerequisite Skills:
Rapid7 InsightIDR (XDR SIEM)
Rapid7 InsightConnect (SOAR)
Key Responsibilities:
Incident Detection & Response: Lead incident response activities, ensuring quick
detection, analysis, and resolution of security incidents. Provide hands-on support to
the SOC team during high-priority events.
SIEM & SOAR Management: Manage and configure Rapid7 InsightIDR and
InsightConnect, including log source integration, custom parser development, and
optimization of correlation rules and use cases.
Threat Analysis: Conduct in-depth analysis of security events to identify successful
intrusions and compromises. Differentiate false positives from genuine threats to
minimize incident noise.
Automation & Orchestration: Leverage Ansible, Puppet, Python, and PowerShell
to automate repetitive SOC tasks, enhance incident response processes, and improve
efficiency.
Configuration Management: Use Ansible and Puppet to standardize and manage
SOC system configurations across multiple environments.
Investigation Management: Lead investigations of incidents escalated by Level 1
analysts and ensure thorough documentation and resolution.
Quick Mitigation Techniques: Implement interim defensive measures until permanent
solutions can be deployed.
Security Enhancements: Develop and maintain playbooks in Rapid7
InsightConnect to orchestrate and streamline SOC operations.
Gap Analysis & Recommendations: Identify gaps in the security environment and
recommend appropriate measures for risk mitigation.
Vulnerability Awareness: Stay up to date with the latest vulnerabilities, threat
advisories, and penetration techniques to proactively defend against emerging risks.

Desired Skills:
15 years of relevant experience
Strong experience with Rapid7 InsightIDR and InsightConnect, including
advanced configuration, rule development, and integration.
Proficiency in automation and scripting tools, including Python, PowerShell, and
Bash, to streamline security operations.
Hands-on expertise with Ansible and Puppet for configuration management,
automation, and environment standardization.
Advanced knowledge of SIEM and SOAR tools, with proven experience optimizing
detection and response workflows.
Familiarity with incident response frameworks such as NIST, MITRE ATT&CK, and SANS.
Strong understanding of firewalls, IDS/IPS, antivirus, EDR, and behavioral analytics tools.
Experience with API integrations for security toolsets and custom reporting solutions.
Knowledge of log analysis tools, threat intelligence platforms, and vulnerability scanners.
Relevant certifications such as GCIH, CEH, CISSP, or certifications related to Rapid7
InsightIDR
(must have), Ansible, or Puppet are highly desirable.

Educational & Professional Qualifications:
Bachelor s degree in Computer Science, Cybersecurity, Information Technology, or a
related field, or equivalent professional experience.