SOC L3 Analyst / Security Engineer

Nsearch Global - UAE - Dubai
Nsearch Global
1. Senior SOC L3 Analyst (DFIR Specialist)

This role is the highest technical escalation point in the SOC, focusing on complex investigations that L1/L2 analysts cannot resolve.

Certifications:
- SANS/GIAC (GCFA, GCIH, GNFA)
- Certified Computer Hacking Forensic Investigator (CHFI)

Responsibilities:
- Advanced IR: Leading the containment and eradication of high-severity incidents.
- Digital Forensics: Performing memory, disk, and network forensics to determine the "patient zero" and the extent of a breach.
- Malware Analysis: Conducting static and dynamic analysis of suspicious files/scripts.
- Threat Hunting: Proactively searching for hidden indicators of compromise (IOCs) using the MITRE ATT&CK framework.
2. Security Engineer (QRadar, CrowdStrike, Purview)

This role is focused on the engineering and administration of the security stack, ensuring the tools are tuned and integrated.

Responsibilities:
- Integration: Automating workflows between QRadar (SIEM) and CrowdStrike (EDR) via APIs.
- Policy Management: Designing and enforcing data protection rules in Purview.

Platform-Specific Skills Required:
- IBM QRadar: Writing AQL queries, developing custom Log Source Extensions (LSX), and tuning correlation rules to reduce false positives.
- CrowdStrike (Falcon): Managing sensor deployment, configuring prevention policies (EDR/EPP), and utilizing Real-Time Response (RTR).
- Microsoft Purview: Implementing Data Loss Prevention (DLP) policies, sensitivity labels, and eDiscovery across the O365/Azure environment.
Publication date: 8 January 2026
Publisher: