Senior SOC Analyst L3 - Saudi National KSA Job Jeddah area,Saudi Arabia,IT/Tech

Position Overview

We are seeking a highly experienced Senior SOC Analyst – Layer 3 (DFIR) to lead advanced digital forensic investigations and incident response operations within our Cybersecurity Operations Center (SOC) in Jeddah. The selected candidate will act as the highest technical escalation point for major security incidents, conduct in-depth forensic investigations, manage complex breach scenarios, and provide strategic guidance to SOC L1 and L2 teams.

This role requires strong hands‑on DFIR expertise in enterprise environments, including endpoint, network, cloud, and hybrid infrastructures.

Key Responsibilities

Advanced Incident Response Leadership

Lead end‑to‑end handling of high‑severity cybersecurity incidents (Ransomware, APT, data exfiltration, insider threats).
Direct containment, eradication, and recovery strategies during critical incidents.
Serve as primary escalation point for SOC L2 investigations.
Coordinate with IT, Legal, Risk, Compliance, and executive leadership during crisis situations.
Conduct post‑incident reviews and lessons‑learned workshops.

Digital Forensics Investigations

Perform forensic acquisition and analysis of endpoints, servers, and cloud workloads.
Conduct disk, memory, and network forensics using industry‑standard tools.
Preserve and maintain chain‑of‑custody documentation.
Analyze artifacts such as registry, event logs, browser history, persistence mechanisms, and lateral movement traces.
Prepare forensic reports suitable for executive and legal review.

Endpoint & EDR Deep Analysis

Perform deep investigations using enterprise EDR platforms such as
Microsoft Defender for Endpoint
Crowd Strike Falcon, or equivalent.
Conduct advanced threat hunting and behavioral analysis.
Reverse‑engineer suspicious scripts or malware (basic to intermediate level).

SIEM & Log Correlation Expertise

Conduct advanced log analysis across SIEM platforms such as
Splunk Enterprise Security
Microsoft Sentinel, or equivalent.
Develop and optimize advanced detection queries (SPL / KQL).
Correlate endpoint, network, identity, and cloud telemetry for full attack chain reconstruction.
Map incidents to MITRE ATT&CK framework techniques.

Network & Cloud Forensics

Analyze PCAP, Net Flow, DNS, proxy, and firewall logs.
Investigate suspicious lateral movement and command‑and‑control traffic.
Perform forensic investigations within Microsoft 365, Azure, and AWS environments.
Assess identity compromise scenarios (AD, Azure AD, privileged access abuse).

Threat Intelligence & Proactive Defense

Integrate threat intelligence feeds into DFIR investigations.
Conduct proactive threat hunting campaigns.
Participate in red team / purple team exercises.
Identify detection gaps and recommend defensive improvements.

Governance & Compliance Support

Ensure forensic readiness aligned with NCA ECC, SAMA CSF, ISO 27001, and other regulatory frameworks.
Maintain forensic documentation aligned with legal admissibility standards.
Contribute to incident response policy and playbook development.

On‑Call & Crisis Response

Participate in 24x7 on‑call rotation for major incidents.
Provide immediate response and executive‑level briefing during critical cybersecurity events.

#J-18808-Ljbffr


Increase/decrease your Search Radius (miles)



Job Posting Language