L3 SOC Analyst – Lead

Softswiss

  • Malta
  • Permanent
  • Full-time
  • 2 months ago
Overview:
SOFTSWISS continues to expand the team and is looking for a Lead SOC Analyst (L3). We need a true, experienced, and accomplished professional who shares our culture and values.

Security Team:
SOFTSWISS Security Team takes care of iGaming services protection, data privacy, and business continuity to ensure that nothing distracts satisfied customers from using our products. We work closely with the IT team that develops and supports our services, and together we create genuinely excellent and secure iGaming products.

Purpose of the role:
The L3 SOC Analyst is an expert-level SOC professional responsible for investigating complex and non-standard information security incidents, handling escalations from L1/L2 analysts, and enhancing the SOC's analytical capabilities. The role focuses on thinking in terms of incidents and attack chains, quickly identifying affected systems, relevant log sources, and hypotheses to test, and confirming or denying attacks.

Key responsibilities:
Incident Response & Investigation:
  • Manage complex information security incidents, including APT-like attacks, data exfiltration, and insider threats
  • Conduct in-depth analysis of incidents and identify initial access vectors
  • Reconstruct attack paths/kill chains and assess incident scope (blast radius)
  • Form clear conclusions: what happened, how, when, with what effect, and next steps
Analysis & Hypothesis:
  • Ability to think hypothetically:
    • If this is a credential compromise, where will the traces/artifacts be?
    • If this is C2, what artifacts should we expect?
    • How can an attacker exfiltrate data?
  • Ability to think one step ahead: predicting the attacker's next actions
Communication & Escalation:
  • Expert interaction with internal teams (Security, Development, Legal, ITSM, SE, etc.)
  • Support decision-making (e.g., account lock, host isolation/block)
  • Perform basic impact analysis balancing containment and business effect
SOC Improvement & Knowledge Sharing:
  • Enhance detection logic and provide feedback to L1/L2 analysts
  • Learn from relevant incidents and contribute to post-incident reviews
  • Participate in and organize tabletop exercises and root cause analyses
Required Experience:
  • 4-6+ years of experience in SOC / MSSP SOC / Incident Response / DFIR Team
  • Practical experience in investigating and preventing real incidents, not just alerts
  • Experience as a Lead Security Analyst/Expert
  • Threat Hunting Experience
  • Deep understanding of attacker TTPs according to MITRE ATT&CK
  • The ability to link: event – artifact – behavior – attack scenario
  • Expertise in infrastructure services: Email, Kubernetes, AD, Databases, Docker, etc.
  • Operating Systems: Windows (EventLog, Sysmon, PowerShell, Task Scheduler), Linux (auth.log, auditd, bash history, cron, systemd).
  • Identity & access: AD, IAM, KeyCloak, PAM, RBAC, ABAC.
  • Knowledge of attack scenarios: credential theft, data exfiltration, PtH, service account abuse, etc.
  • Endpoint & network security: EDR/XDR, Proxy, DNS, C2 patterns, VPN, WAF, Firewalls.
  • Confident working with Splunk SIEM, Redash, ClickHouse, Wazuh.
  • Ability to write complex search queries and correlate data from multiple sources
Nice to have:
  • Experience in high-risk business environments.
  • Participation in Red Team / Purple Team exercises.
  • Conducting or organizing tabletop exercises.
  • Scripting and automation skills: Python, Bash, SPL, SQL.
  • Security certifications: GCIA, GCED, GCIH, Splunk Power User, OSCP, CEH.
Learn more about our hiring process here: what to expect, how to prepare, and what makes SOFTSWISS different.

Benefits:
  • Comprehensive Mental Health Programme
  • Private insurance (depending on contract type)
  • Paid gym memberships
  • Free English lessons (online)
  • +1 day off per calendar year
  • Referral program rewards
  • Upskilling, internal workshops, and participation in professional conferences and corporate events

About SOFTSWISS:
SOFTSWISS is an international technology company with software development expertise in iGaming, fintech, and martech. We employ on-site, hybrid, and remote teams across multiple offices and countries around the world. SOFTSWISS is known as a celebrated and trusted partner for clients working across diverse niches.
  • Founded in 2009
  • 2,000+ employees
  • 4 offices worldwide
  • 9 proprietary products
  • 1,200+ brands using our software