Incident Response Analyst (L3 SOC) PH-22

About the job

Technologies: Microsoft Sentinel, Microsoft Defender XDR, KQL

Locations available: CR, ARG, MX, BR, COL

Oceans Code Experts is looking for talented individuals who are ready for the next step in their career. We offer a collaborative professional environment that is as full of rewarding experiences as it is of challenges.

An Incident Response Analyst at Oceans can expect to work on multiple projects with cross-functional teams, and is expected to be transparent about time and tasks so that clients understand the progress of their projects.

Candidates must LOVE helping people, solving business problems, and pushing themselves to slay the next beast of a project.

Job Summary

Join a high-impact cybersecurity team focused on Incident Response, Detection Engineering, and SOC Automation. Lead complex investigations, enhance security operations, and build advanced detection and automation capabilities using the Microsoft Security ecosystem.

Job Responsibilities

  • Lead advanced security incident investigations across multiple customer environments
  • Investigate account compromises, Business Email Compromise (BEC), ransomware, malware, phishing campaigns, privilege escalation, lateral movement, cloud threats, and identity-based attacks
  • Analyze threats through IOC analysis, threat correlation, root cause analysis, and threat intelligence
  • Coordinate containment, remediation, recovery, and incident response activities with customers and internal teams
  • Deliver investigation reports, impact assessments, timelines, and response recommendations
  • Conduct threat hunting and threat validation activities
  • Design, develop, and maintain detection rules, analytics, correlation logic, and use cases within Microsoft Sentinel and Defender XDR
  • Optimize detection coverage through tuning, false-positive reduction, behavioral baselining, and MITRE ATT&CK mapping
  • Build and maintain reusable KQL queries and detection content libraries
  • Design and implement SOC automation workflows using Sentinel Playbooks, Logic Apps, SOAR platforms, and API integrations
  • Automate alert enrichment, incident routing, containment actions, threat intelligence enrichment, and investigation workflows
  • Support administration, engineering, tuning, and operations across Microsoft Sentinel, Defender XDR, Defender Suite, Purview, and Entra ID
  • Participate in customer escalations, onboarding activities, and security integration projects
  • Maintain playbooks, runbooks, SOPs, workflow documentation, and detection documentation
  • Collaborate with SOC Operations, Security Engineering, Consulting teams, vendors, and customer stakeholders

Job Requirements

  • Great English proficiency (B2+, written and spoken)
  • 6+ years of cybersecurity experience
  • Impeccable punctuality (schedules are flexible, but being on time for meetings is crucial)
  • Bachelor's Degree in Computer Science, Information Technology, Cybersecurity, or a related technical field
  • Strong experience in Incident Response, Threat Investigation, SOC Operations, Detection Engineering, and DFIR
  • Hands-on experience with Microsoft Sentinel and Microsoft Defender XDR
  • Strong experience with Microsoft Defender for Endpoint, Defender for Identity, Defender for Office 365, Defender for Cloud Apps, Purview, and Entra ID
  • Proven experience developing detection rules, analytics, correlation logic, and threat detection use cases
  • Advanced KQL skills for detection engineering and threat hunting
  • Experience designing and implementing SOAR workflows and SOC automation solutions
  • Experience with API integrations, workflow orchestration, and security automation frameworks
  • Strong understanding of MITRE ATT&CK, threat hunting methodologies, and modern attacker techniques
  • Experience supporting enterprise SOC environments
  • Experience working within MSSP environments

Nice to have

  • Microsoft SC-200 certification
  • Microsoft SC-100 certification
  • Microsoft SC-401 certification
  • Microsoft SC-900 certification
  • Microsoft AZ-500 certification
  • CISSP certification
  • PowerShell scripting experience
  • Python scripting experience
  • Experience with REST APIs
  • Experience with Logic Apps
  • Security Automation or SOAR-related certifications
  • Experience with CrowdStrike Falcon

Position Type and Expected Hours of Work

This is a full-time consultancy of up to 40 hours per week during regular business hours. We operate under a flexible core-hours policy to accommodate various schedules, allowing consultants to work during their peak productivity times. Additionally, we offer the flexibility to work remotely.