Manager Soc Information Security

Year    Mumbai, Maharashtra, India

Job Description

Job Purpose:
The SOC L3 Manager is responsible for managing the Security Operations Center (SOC) at the highest technical level. This role involves overseeing daily operations, managing escalations, and ensuring timely detection, analysis, and response to cybersecurity incidents. The SOC L3 Manager will provide strategic direction, mentor SOC analysts, and strengthen the organization's security posture.
1 Device Integration
  • 100% device integration with the SIEM and rule configuration for each integrated device.
2 Incident Investigation & Response
  • Ownership of high-severity or complex incidents (P2/P1) escalated by L2 analysts.
  • Deep-dive forensic analysis on endpoints, servers, and network devices.
  • Correlate multiple alerts/logs across SIEM, EDR, NDR, and firewall to identify attack chains.
  • Conduct Root Cause Analysis (RCA) for major incidents.
  • Recommend and oversee containment, eradication, and recovery actions.
  • Document and communicate incident status and impact to the SOC Manager/CISO.
3 SIEM Tuning & Use-Case Enhancement
  • Review false positives reported by L1/L2 and fine-tune detection rules to improve accuracy.
  • Create or modify correlation rules, custom queries, dashboards, and reports in the SIEM.
  • Validate that new log sources are properly ingested, parsed, and normalized.
  • Develop advanced detection use cases based on the latest threats, MITRE ATT&CK, or threat intel.
4 Threat Hunting
  • Conduct proactive threat hunts for undetected malicious activity.
  • Use threat intelligence and IOC feeds to search across enterprise data sources.
  • Document findings, gaps, and recommendations from each hunt.
5 Threat Intelligence
  • Map observed threats to MITRE ATT&CK techniques for correlation.
6 Incident Coordination & Escalation
  • Act as technical lead during active security incidents.
  • Coordinate with IT, network, and application teams for response activities.
  • Escalate critical incidents to the SOC Manager or CISO with detailed technical analysis.
  • Prepare incident summary reports and assist with post-incident reviews.
7 Tool & Technology Optimization
  • Monitor performance of SIEM, SOAR, EDR/XDR, NDR, and the Threat Intel Platform.
  • Work with engineers to fix log source onboarding issues or agent failures.
8 Reporting & Documentation
  • Update incident tickets with detailed investigation notes, artifacts, and resolution steps.
  • Maintain the daily investigation tracker or SOC dashboard updates.
  • Provide incident trend analysis (e.g., top attack types, top sources, affected assets).
  • Contribute to weekly SOC performance reports.
9 Mentoring & Technical Support to L1/L2 & L3
  • Guide L2 analysts on investigations and response procedures.
  • Review and approve incident closure summaries from L2.
  • Support incident-process improvements and analyst skill development.
10 SOAR Automation
  • Test new security tools, scripts, or automation to improve SOC efficiency with the help of SOAR.
  • Regularly review SOC playbooks, SOPs, and response templates for improvement.

Skills Required


Job Detail

  • Job Id
    JD4871624
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Mumbai, Maharashtra, India
  • Education
    Not mentioned
  • Experience
    Year