isecjobs.com

SOC Level 3 Analyst & Incident Response Lead

Denver, CO, United States

Full Time Senior-level / Expert USD 103K - 192K * est.
Company logo

BETSOL

Data Management, IT Services, & Cloud-First Digital Transformation: BETSOL is a cloud-first digital transformation and data management company offering products and IT services to enterprises in over 40 countries.

View all jobs at BETSOL

Apply now Apply later

Company Description

BETSOL is a cloud-first digital transformation and data management company offering products and IT services to enterprises in over 40 countries. BETSOL team holds several engineering patents, is recognized with industry awards, and BETSOL maintains a net promoter score that is 2x the industry average.

BETSOL’s open source backup and recovery product line, Zmanda (Zmanda.com), delivers up to 50% savings in total cost of ownership (TCO) and best-in-class performance.

BETSOL Global IT Services (BETSOL.com) builds and supports end-to-end enterprise solutions, reducing time-to-market for its customers.

BETSOL offices are set against the vibrant backdrops of Broomfield, Colorado and Bangalore, India.

We take pride in being an employee-centric organization, offering comprehensive health insurance, competitive salaries, 401K, volunteer programs, and scholarship opportunities. Office amenities include a fitness center, cafe, and recreational facilities.

Job Description

We are seeking a highly skilled and experienced Tier 3 SOC Analyst who will also function as the Incident Response Lead. This is a hybrid technical-leadership position focused on managing critical security events, conducting forensic investigations, and continuously enhancing the incident response program. As a senior member of the SOC, you will be the escalation point for complex and high-impact security incidents, support forensic analysis, lead root cause investigations, and contribute to detection engineering efforts. 

Qualifications

Key Responsibilities

Tier 3 SOC Analyst Duties

  • Act as the final escalation point for complex security alerts and incidents identified through Azure Sentinel and other security monitoring tools.
  • Conduct in-depth digital forensic investigations across endpoints, networks, and cloud infrastructure (Azure, M365, Microsoft Dynamics etc.).
  • Perform malware analysis, reverse engineering, and memory/disk analysis to support incident triage and response.
  • Provide expert-level guidance to Tier 1 and Tier 2 SOC analysts; coach and mentor to raise team capabilities.
  • Correlate threat intelligence with incident data to understand adversary behavior and campaign objectives.
  • Collaborate with SIEM engineers to tune, develop, and optimize detection use cases, particularly for emerging threats.
  • Maintain documentation of playbooks, threat scenarios, and incident patterns.

Incident Response Lead Duties

  • Lead and coordinate the end-to-end incident response lifecycle, from detection through containment, eradication, and recovery.
  • Own and maintain IR documentation including incident tracking, timelines, RCA, and after-action reports.
  • Liaise with the CSIRT team and relevant business stakeholders during critical incidents.
  • Lead post-incident reviews and facilitate lessons learned workshops, contributing to policy, procedure, and control improvements.
  • Drive continuous process improvement across SOC and IR operations, ensuring integration with change and problem management.
  • Ensure executive-level incident reporting and briefings are prepared and delivered as needed.

Qualifications

Required

  • 5+ years of experience in a Security Operations Center or Incident Response role.
  • Proven experience leading major incident response efforts (e.g., ransomware, APT, data breaches).
  • Strong forensic analysis skills (disk, memory, log, and network forensics).
  • Advanced proficiency in SIEM platforms (preferably Microsoft Sentinel), EDR tools (Defender for Endpoint), and forensic toolsets.
  • Understanding of attacker TTPs mapped to MITRE ATT&CK and threat hunting methodologies.
  • Hands-on experience with scripting and automation (e.g., PowerShell, Python) to streamline investigations and response.
  • Knowledge of security controls, network protocols, operating systems, and cloud environments (Azure).
  • Strong communication skills and ability to present technical findings to non-technical stakeholders.

Additional Information

Desirable Certifications

  • GIAC Certified Forensic Analyst (GCFA) or GIAC Certified Incident Handler (GCIH)
  • CISSP, oscp, GCIA, or equivalent
  • Microsoft certifications: SC-200, SC-300, AZ-500

Key Competencies

  • Calm and decisive under pressure
  • Analytical and detail-oriented
  • Strong leadership and collaboration skills
  • Proactive approach to process optimization and threat mitigation
  • Passion for continuous learning and capability development
    Apply now Apply later

    * Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

    Job stats:  1  0  0
    Categories: Analyst Jobs Incident Response Jobs Leadership Jobs

    Tags: APT Automation Azure CISSP Cloud CSIRT EDR Forensics GCFA GCIA GCIH GIAC Incident response Malware MITRE ATT&CK Monitoring Open Source OSCP PowerShell Python Reverse engineering Scripting Sentinel SIEM SOC Threat intelligence TTPs

    Perks/benefits: Career development Team events

    Region: North America
    Country: United States

    More jobs like this

    « Back to job search To the top ↑

    Explore more career opportunities

    Find even more open roles below ordered by popularity of job title or skills/products/technologies used.

    Security Operations Engineer jobsSenior Cloud Security Engineer jobsSystems Administrator jobsSenior Security Analyst jobsSenior Cybersecurity Engineer jobsIT Security Analyst jobsSenior Information Security Analyst jobsCyber Security Specialist jobsInformation Security Manager jobsSenior Network Security Engineer jobsSenior Information Security Engineer jobsSenior Product Security Engineer jobsSecurity Consultant jobsInformation System Security Officer (ISSO) jobsChief Information Security Officer jobsInformation Systems Security Engineer jobsSecurity Specialist jobsIT Security Engineer jobsSenior Cyber Security Engineer jobsSenior Software Engineer jobsCyber Threat Intelligence Analyst jobsCybersecurity Specialist jobsSenior IT Auditor jobsCyber Security Architect jobsSecurity Operations Analyst jobs
    EDR jobsEncryption jobsTS/SCI jobsCEH jobsJava jobsThreat detection jobsSDLC jobsSplunk jobsTerraform jobsIDS jobsMalware jobsFinance jobsIPS jobsRMF jobsTop Secret jobsForensics jobsSQL jobsDocker jobsSOC 2 jobsActive Directory jobsCompTIA jobsIntrusion detection jobsOWASP jobsITIL jobsCRISC jobs
    Clearance Required jobsGIAC jobsHIPAA jobsTCP/IP jobsAnsible jobsVPN jobsDoDD 8570 jobsSOAR jobsIT infrastructure jobsOSCP jobsMITRE ATT&CK jobsData Analytics jobsJira jobsDNS jobsSOX jobsBanking jobsUNIX jobsCCSP jobsZero Trust jobsIndustrial jobsJavaScript jobsCISO jobsGCIH jobsMachine Learning jobsArtificial Intelligence jobs