Perennial Resources International
Sr. SOC Analyst - Level 3
Perennial Resources International, Saint Paul, Minnesota, United States, 55130
Role: Sr. SOC Analyst - Level 3
Full-time/Permanent
Onsite in Austin, TX - Must be local
Responsibilities:
• Provide mentorship and technical oversight to L2 analysts and MSSP-led supporting staff, reviewing investigations and guiding escalation decisions.
• Lead incident response efforts for high-severity events, coordinating across teams to ensure effective containment and remediation.
• Contribute to the development and refinement of SOC processes, playbooks, and escalation protocols.
• Participate in hiring, onboarding, and training activities to build a high-performing SOC team.
• Conduct advanced investigations of security alerts and incidents, including malware analysis, lateral movement, and data exfiltration.
• Perform threat hunting using hypothesis-driven approaches and threat intelligence to uncover hidden threats.
• Develop and tune detection rules, correlation logic, and behavioral analytics across SIEM, EDR, and cloud platforms.
• Analyze attacker TTPs and translate them into actionable detections using frameworks such as MITRE ATT&CK and the Cyber Kill Chain.
• Lead forensic investigations, including memory, disk, and network analysis, to support incident response and legal requirements.
• Collaborate with detection engineering and threat intelligence teams to improve detection coverage and response workflows.
• Serve as a key point of contact during major incidents, providing technical updates and risk assessments to leadership and stakeholders.
• Document investigation findings, incident timelines, and lessons learned in a clear and structured format.
• Support compliance and audit efforts by ensuring incident handling aligns with regulatory and policy requirements.
• Collaborate with IT, OT, and business units to ensure visibility and response capabilities across all environments.
• Contribute to SOC maturity assessments and strategic planning to enhance the organization's cyber defense posture.
Qualifications:
• Bachelor's degree in Cybersecurity, Information Technology, or Computer Science (completed and verified prior to start).
• Five (5) years of experience in a SOC or cybersecurity operations role, with at least 2 years in a senior or L3 capacity in a private, public, government, or military environment.
• Proficiency in SIEM (e.g., Splunk, Sentinel), EDR (e.g., CrowdStrike, Carbon Black), and forensic tools.
• Strong understanding of Windows, Linux, and cloud environments (AWS, Azure, GCP) from a security perspective.
• Experience with scripting or automation (e.g., Python, PowerShell) is a plus.
• Familiarity with threat intelligence platforms, malware analysis tools, and adversary simulation frameworks.
• Industry certifications such as GCIA, GCIH, GCFA, OSCP, or equivalent are highly desirable.
• Excellent communication skills, with the ability to convey complex technical issues to both technical and non-technical audiences.
• Senior-level expertise in leading complex investigations and responding to advanced cyber threats.
• Skilled in malware analysis, threat hunting, and forensic investigations across diverse environments.
• Proficient in developing detection logic and tuning analytics to identify sophisticated attacker behaviors.
• Strong understanding of adversary TTPs and frameworks like MITRE ATT&CK and the Cyber Kill Chain.
• Effective mentor and technical leader for junior analysts, fostering a culture of excellence in the SOC.
• Experienced in coordinating incident response efforts and communicating findings to stakeholders.
• Committed to continuous improvement of SOC processes, playbooks, and detection capabilities.
• Strategic thinker with the ability to assess risk, lead under pressure, and drive operational maturity.