SOC Analyst L3
| Contract type | Full-time |
| Work arrangement | On-site |
| Location | Riyadh |
Job Description
About the Role
Zoho is seeking a skilled SOC Analyst L3 to join their team in Riyadh. This full-time position is integral to maintaining and enhancing Zoho's security operations, leveraging extensive experience in advanced security analysis and incident response.
Core Responsibilities
The SOC Analyst L3 will serve as the primary technical escalation point for complex and high-severity security incidents. This role involves leading the entire incident response lifecycle, from initial investigation and containment through to eradication and recovery. Advanced threat hunting across various environments, including endpoints, networks, cloud platforms, email, and logs, is a key function. The analyst will also conduct in-depth malware analysis, memory forensics, and detailed log analysis.
Security Operations Enhancement
A significant aspect of this role involves driving SOC maturity improvements through managing Purple Team exercises. The analyst will be responsible for threat intelligence enrichment, correlating Indicators of Compromise (IOCs), and producing intelligence reports. Coordination with IT, GRC, and senior management during major incidents is essential. Furthermore, the role includes providing advanced training and mentorship to L1 and L2 analysts, and leading Root Cause Analysis (RCA) and Post-Incident Review (PIR) processes.
Detection and SIEM Management
This position requires the evaluation and recommendation of new SOC technologies, tools, and integrations. The analyst will design, build, and maintain SIEM detection use cases aligned with the MITRE ATT&CK framework. Enhancing and tuning existing detection rules to improve accuracy and reduce false positives is a continuous responsibility. The role also involves assessing detection gaps, ensuring proper visibility across all critical log sources, and validating the onboarding of new log sources to confirm correct normalization and parsing.
Collaboration and Workflow Development
The SOC Analyst L3 will work with threat intelligence teams to integrate new IOCs, behavioral patterns, and detection logic. Developing detection roadmaps and continuously improving SIEM coverage are key objectives. The analyst will also develop correlation rules, dashboards, and automated workflows. Collaboration with infrastructure teams is necessary to ensure that required logs from sources such as EDR, firewalls, cloud services, proxies, email, and applications are feeding into the SIEM. Periodic tuning sessions will be conducted to improve alert fidelity and overall SOC efficiency.
Qualifications
Candidates should possess 5-10 years of relevant experience in security operations and incident response. A strong understanding of SIEM technologies, threat hunting methodologies, malware analysis, and forensic techniques is required. Experience with Purple Team exercises and a solid grasp of frameworks like MITRE ATT&CK are essential.
Job Requirements
- Requires 2-5 years of experience
