ProArch logo

L3 SOC Analyst / Incident Response Analyst

ProArch

Posted 1 day ago

About ProArch:

At ProArch, we partner with businesses around the world to turn big ideas into better outcomes through IT services that span cybersecurity, cloud, data, AI, and app development.

We’re 400+ team members strong across 3 countries (we call ourselves ProArchians)—and here’s what connects us all:

  • A love for solving real business problems
  • A belief in doing what’s right

What’s it like to work here?

  • You’ll keep growing. You’ll work alongside domain experts who love to share what they know.
  • You’ll be supported, heard, and trusted to make an impact.
  • You’ll take on projects that touch industries, communities, and lives.
  • You’ll have the time to focus on what matters most in your life outside of work.

At ProArch, you’ll be part of teams that design and deliver technology solutions solving real business challenges for our clients. With services spanning AI, Data, Application Development, Cybersecurity, Cloud & Infrastructure, and Industry Solutions, your work may involve building intelligent applications, securing business‑critical systems, or supporting cloud migrations and infrastructure modernization. 

Every role here contributes to shaping outcomes for global clients and driving meaningful impact. You’ll collaborate with experts across data, AI, engineering, cloud, cybersecurity, and infrastructure—solving complex problems with creativity, precision, and purpose. You’ll join a culture rooted in technology, curiosity, and continuous learning. A place where we move fast, trust you to make an impact, encourage innovation, and support your growth.

About Position:

At ProArch, a leader in IT security consulting with presence in the US, UK, and India, we are looking for a skilled L3 SOC Analyst / Incident Response Analyst to join our Security Operations Center (SOC) team. In this critical role, you will be responsible for advanced incident detection, investigation, and response to complex cybersecurity threats. Leveraging your extensive experience and expertise, you will lead incident response activities, perform deep-dive analysis, and coordinate with cross-functional teams to mitigate risks and strengthen our security posture. If you thrive in a dynamic, fast-paced environment and are passionate about defending organizations against sophisticated cyber threats, this position is ideal for you.Role Summary

ProArch are seeking a highly skilled and technically strong L3 SOC Analyst / Incident Response Analyst to operate within a Managed Security Services Provider (MSSP) environment, supporting multiple customer environments across diverse industries.

This role is heavily focused on:

  • Incident Response
  • Threat Investigation
  • Detection Engineering
  • DFIR Operations
  • SOC Automation
  • Threat Hunting
  • Security Platform Engineering
  • Response Workflow Optimization

The ideal candidate combines strong incident response expertise, deep Microsoft security platform knowledge, hands-on detection engineering capability, and SOC automation experience within a fast-paced MSSP environment.

This is not a traditional alert-monitoring SOC Analyst role. The position requires strong investigative, analytical, and response-oriented cybersecurity capabilities.

Key Responsibilities

1. Incident Response & Threat Investigation

• Lead and support advanced security incident investigations across multiple customer environments

Perform:

  • Threat triage and validation
  • IOC analysis and threat correlation
  • Endpoint and identity investigations
  • Email security investigations
  • Cloud security incident analysis
  • Root cause analysis

Investigate and respond to:

  • Account compromise incidents
  • Business Email Compromise (BEC)
  • Malware and ransomware activity
  • Privilege escalation
  • Lateral movement activity
  • Suspicious cloud and identity-based attacks
  • Advanced phishing and social engineering campaigns
  • Coordinate containment, remediation, and recovery activities with customer and internal teams
  • Support high-severity incident escalation handling and response coordination
  • Provide detailed investigation findings, timelines, impact assessments, and response recommendations
  • Conduct proactive threat hunting and threat validation activities where required
  • Support digital forensics and evidence collection activities when applicable

2. Detection Engineering & SIEM Operations

Design, develop, and maintain advanced detection rules across:

  • Microsoft Sentinel
  • Microsoft Defender XDR

Develop and optimize:

  • KQL queries
  • Analytics rules
  • Correlation logic
  • Detection use cases

Perform:

  • Detection tuning
  • False positive reduction
  • Behavioral baselining
  • Threat-based detection improvements
  • Build and maintain reusable detection content and query libraries
  • Support proactive detection engineering initiatives aligned with emerging threats and attacker techniques
  • Leverage threat intelligence and MITRE ATT&CK mapping to improve detection coverage

3. SOC Automation & SOAR Engineering

Design and implement SOC automation workflows using:

  • Microsoft Sentinel Playbooks
  • Logic Apps
  • SOAR platforms
  • API-driven integrations

Build workflows for:

  • Alert enrichment
  • Incident routing
  • Automated containment actions
  • Threat intelligence enrichment
  • Ticket synchronization
  • Investigation acceleration
  • Develop scalable automation frameworks to improve SOC operational efficiency
  • Support continuous optimization of SOC workflows and automation coverage
  • Create automation standards and reusable workflow templates across customer environments

4. Microsoft Security Platform Operations

Provide hands-on operational support, investigation, tuning, administration, and engineering for:

  • Microsoft Defender for Endpoint (MDE)
  • Microsoft Defender XDR
  • Microsoft Defender for Identity (MDI)
  • Microsoft Defender for Office 365 (MDO)
  • Microsoft Defender for Cloud Apps (MDCA)
  • Microsoft Purview
  • Microsoft Identity Protection / Entra ID
  • Microsoft Sentinel

5. AI Security & Modern Threat Operations

Support detection and response activities related to:

  • AI-orchestrated attacks
  • Identity-based attacks
  • Cloud-native threats
  • Advanced phishing and social engineering campaigns
  • Leverage AI-assisted SOC operations and automation capabilities where applicable
  • Support modern detection strategies aligned with evolving attacker techniques
  • Evaluate opportunities to integrate AI-driven efficiencies into detection, investigation, and response workflows

6. Client & Operational Support

  • Participate in customer incident discussions and escalation calls when required
  • Support onboarding of new customer environments and security integrations
  • Maintain:
  • Investigation playbooks
  • SOPs
  • Workflow documentation
  • Operational runbooks
  • Detection documentation

Collaborate closely with:

  • SOC Operations
  • Security Engineering
  • Vendors
  • Consulting teams
  • Customer stakeholders
  • Support operational improvement initiatives across SOC and DFIR functions

Requirements

Required Qualifications

Education

  • Bachelor’s Degree / Graduation in: Computer Science/Information Technology/Cybersecurity or related technical field is mandatory
  • Relevant cybersecurity and automation-focused certifications will be considered an added advantage.

Experience

  • 6-9 years of overall cybersecurity experience

Strong hands-on experience in:

  • Incident Response
  • Threat Investigation
  • SOC Operations
  • Detection Engineering
  • DFIR activities
  • Prior Incident Response Analyst experience is highly preferred
  • Experience working within MSSP environments preferred
  • Experience supporting or collaborating with US-based teams/vendors preferred
  • Proven hands-on experience with SOAR platforms in enterprise or MSSP environments
  • Strong experience designing and implementing SOC automation workflows from scratch
  • Experience supporting enterprise Security Operations Center (SOC) environments
  • Experience with detection engineering and SIEM rule development

Required Technical Skills

Security Platforms & Technologies

Strong hands-on experience with:

  • Microsoft Defender for Endpoint (MDE)
  • Microsoft Defender XDR
  • Microsoft Defender for Identity (MDI)
  • Microsoft Defender for Office 365 (MDO)
  • Microsoft Defender for Cloud Apps (MDCA)
  • Microsoft Purview
  • Microsoft Identity Protection / Entra ID
  • CrowdStrike Falcon
  • Threat Intelligence platforms
  • Microsoft Sentinel (Mandatory)
  • Defender XDR SIEM operations (Mandatory)
  • Graph API
  • Datto Autotask or equivalent ticketing systems
  • Email security solutions
  • Endpoint Detection & Response (EDR) platforms
  • Identity and authentication platforms
  • Cloud security technologies
  • Detection Engineering & Automation

Strong experience creating:

  • Detection rules
  • Analytics rules
  • KQL queries
  • Detection tuning and fine-tuning

Experience with:

  • SOC workflow design
  • SOC automation
  • SOAR engineering
  • API integrations
  • Workflow orchestration

Understanding of:

MITRE ATT&CK

  • Threat detection methodologies
  • Threat hunting methodologies
  • AI-driven attack techniques
  • AI use cases in SOC operations

Scripting & Technical Skills

Preferred experience with:

  • PowerShell
  • Python
  • REST APIs
  • Logic Apps
  • KQL (Mandatory)

Preferred Certifications

  • Microsoft SC-200
  • Microsoft SC-401
  • Microsoft AZ-500
  • Microsoft SC-900
  • Microsoft SC-100
  • CISSP
  • Security Automation / SOAR Automation / SOAR Certifications

Soft Skills & Work Style

  • Strong verbal and written communication skills with the ability to work effectively across technical and non-technical teams
  • Excellent collaboration and stakeholder coordination skills across SOC Operations, Engineering, Consulting, Vendors, and Leadership teams
  • Strong documentation and technical writing capabilities for investigations, workflows, SOPs, and operational procedures
  • Ability to work independently in a remote-first, multicultural, and fast-paced MSSP environment
  • Self-driven, proactive, and highly organized with strong ownership and accountability
  • Strong analytical, troubleshooting, and problem-solving skills
  • Comfortable managing multiple projects, priorities, and operational initiatives simultaneously
  • Team-oriented mindset with the ability to operate effectively as an individual contributor
  • Professional communication and coordination skills for working with US-based teams and vendors
  • Adaptable and flexible to evolving operational and business requirements

Working Model

  • Rotational Shift (US Business Hours or After Hours)
  • Remote-first operational model
  • Participation in on-call escalation rotation for critical incidents when required

What Success Looks Like

  • High-quality incident investigations and response handling
  • Improved detection fidelity and reduced false positives
  • Increased SOC automation coverage and operational efficiency
  • Faster containment and response coordination
  • Consistent and high-quality incident response across customer environments
  • Strong collaboration across SOC, Engineering, and Customer teams
  • Continuous improvement of detection, automation, and DFIR capabilities

Life @ ProArch

  • At ProArch, we believe our people are the key to our success. That’s why we foster an environment where every employee—known proudly as a ProArchian—can grow, thrive, and make a meaningful impact.
  • We empower employees to develop at their own pace through Career Pathways, a clear and supportive guide to professional progression.
  • Our culture is one of positivity, inclusivity, and respect. Titles don’t define how we treat each other—every ProArchian is valued equally, and collaboration across roles and teams is the norm.

Want to see the full job description?

Sign in to view the complete details and apply to this position.

Job details

Workplace

Hybrid

Location

Colombia

Similar
ProArch logo

ProArch

Jobr Assistant extension

Get the extension →