SOC Analyst L3

October 8, 2024

Position Title: Security Operations Center Analyst – L3

Company Summary
Emin Labs is a leading provider of advanced cybersecurity services, including MDR (Managed Detection and Response), cybersecurity consultancy, and red team, malware, and forensic support. Our team partners with multiple IT companies to provide both short- and long-term talent solutions. We pride ourselves on offering cutting-edge solutions that keep businesses secure against evolving cyber threats.
At Emin Labs, we empower our team members with a collaborative environment, opportunities for continuous learning, and a focus on career growth. Our commitment extends beyond just securing our clients—we aim to make a positive impact in the communities we serve.

Role
Under the leadership of the Manager, Security Operations Center (SOC), the SOC Analyst – Tier 3 (SOC3) ensures the highest level of service in security event monitoring, analysis, and incident response. This role involves 24×7 operations, applying analytical and technical skills to investigate intrusions, identify malicious activity and potential insider threats, and perform incident response. The SOC3 will collaborate with other SOC members to enhance detection and response capabilities, including developing SIEM content, IDS rules, SOP documentation, and implementing security controls and incident response methodologies.


Essential Job Functions

  • Real-time monitoring and analysis of security events from sources such as SIEM tools, intrusion detection systems, and system logs (Unix & Windows).
  • Conduct both active and passive analysis of network traffic, operating systems, and host activities across various platforms using security tools.
  • Lead incident response activities, including host triage, malware analysis, remote system analysis, user interviews, and remediation efforts.
  • Design, deploy, and validate security automations and configurations.
  • Possess a deep understanding of threat correlation and mitigation processes.
  • Process SOC tickets and assist in handling IT Security Helpdesk tickets.
  • Respond to security incidents, such as malware infections, unauthorized access, and DDoS attacks, escalating as needed.
  • Analyze and prioritize security event logs and alerts to assess validity, priority, and impact.
  • Collaborate with Senior Enterprise Security staff and the Computer Security Incident Response Team (CSIRT).
  • Lead as an Incident Response Commander and document investigations thoroughly.
  • Conduct and organize Threat Hunting campaigns.
  • Assist in defining and refining protocols and ‘playbooks’ for cyber threat responses.
  • Develop and maintain policies and procedures for efficient SOC operations.
  • Collaborate across teams to deepen expertise in cybersecurity disciplines and technologies.

Education/Certifications

  • Bachelor’s degree in IT, Computer Security, or equivalent experience.
  • Possession or pursuit of certifications such as CISSP, CCE, PMP, GSEC, CCNA Cyber Ops, CISM, CRISC, Security+, CEH, or GISF.

Experience/Minimum Requirements

  • 5+ years of experience in IT Security monitoring.
  • Proven Tier 3 incident response experience.
  • Expertise in SIEM event auditing, log analysis, threat hunting, and incident response.
  • Proficiency with SIEM platforms, with a focus on Linux; Windows and Linux system administration experience is a plus.
  • Experience monitoring systems and tools that handle customer data, financial information, or PII.
  • Background checks may include criminal and credit history.

Other Skills/Abilities

  • Strong ethical values, integrity, and confidentiality.
  • Exceptional problem-solving skills and the ability to maintain professional composure.
  • Collaborative approach, able to work with diverse teams.
  • Highly organized, responsible, and detail-oriented.
  • Proven track record of creating and implementing new processes.
  • Excellent communication skills and attention to detail.
  • Self-motivated with the ability to work independently or as part of a team.
  • Capable of simplifying complex technical topics for varied audiences.
  • Aptitude for learning and applying new technologies.
  • Ability to design and implement effective policies for team success.
  • Experience documenting enterprise security events.
  • Adaptable to change and capable of navigating ambiguity.
  • Skilled in providing and receiving constructive feedback.
