SOC Level 3 Analyst & Incident Response Lead

BETSOL is a cloud-first digital transformation and data management company offering products and IT services to enterprises in over 40 countries. BETSOL team holds several engineering patents, is recognized with industry awards, and BETSOL maintains a net promoter score that is 2x the industry average.

BETSOL’s open source backup and recovery product line, Zmanda (Zmanda.com), delivers up to 50% savings in total cost of ownership (TCO) and best-in-class performance.

BETSOL Global IT Services (BETSOL.com) builds and supports end-to-end enterprise solutions, reducing time-to-market for its customers.

BETSOL offices are set against the vibrant backdrops of Broomfield, Colorado and Bangalore, India.

We take pride in being an employee-centric organization, offering comprehensive health insurance, competitive salaries, 401K, volunteer programs, and scholarship opportunities. Office amenities include a fitness center, cafe, and recreational facilities.

We are seeking a highly skilled and experienced Tier 3 SOC Analyst who will also function as the Incident Response Lead. This is a hybrid technical-leadership position focused on managing critical security events, conducting forensic investigations, and continuously enhancing the incident response program. As a senior member of the SOC, you will be the escalation point for complex and high-impact security incidents, support forensic analysis, lead root cause investigations, and contribute to detection engineering efforts. 

Key Responsibilities

Tier 3 SOC Analyst Duties

• Act as the final escalation point for complex security alerts and incidents identified through Azure Sentinel and other security monitoring tools.
• Conduct in-depth digital forensic investigations across endpoints, networks, and cloud infrastructure (Azure, M365, Microsoft Dynamics etc.).
• Perform malware analysis, reverse engineering, and memory/disk analysis to support incident triage and response.
• Provide expert-level guidance to Tier 1 and Tier 2 SOC analysts; coach and mentor to raise team capabilities.
• Correlate threat intelligence with incident data to understand adversary behavior and campaign objectives.
• Collaborate with SIEM engineers to tune, develop, and optimize detection use cases, particularly for emerging threats.
• Maintain documentation of playbooks, threat scenarios, and incident patterns.

Incident Response Lead Duties

• Lead and coordinate the end-to-end incident response lifecycle, from detection through containment, eradication, and recovery.
• Own and maintain IR documentation including incident tracking, timelines, RCA, and after-action reports.
• Liaise with the CSIRT team and relevant business stakeholders during critical incidents.
• Lead post-incident reviews and facilitate lessons learned workshops, contributing to policy, procedure, and control improvements.
• Drive continuous process improvement across SOC and IR operations, ensuring integration with change and problem management.
• Ensure executive-level incident reporting and briefings are prepared and delivered as needed.

Qualifications

Required

• 5+ years of experience in a Security Operations Center or Incident Response role.
• Proven experience leading major incident response efforts (e.g., ransomware, APT, data breaches).
• Strong forensic analysis skills (disk, memory, log, and network forensics).
• Advanced proficiency in SIEM platforms (preferably Microsoft Sentinel), EDR tools (Defender for Endpoint), and forensic toolsets.
• Understanding of attacker TTPs mapped to MITRE ATT&CK and threat hunting methodologies.
• Hands-on experience with scripting and automation (e.g., PowerShell, Python) to streamline investigations and response.
• Knowledge of security controls, network protocols, operating systems, and cloud environments (Azure).
• Strong communication skills and ability to present technical findings to non-technical stakeholders.

Desirable Certifications

• GIAC Certified Forensic Analyst (GCFA) or GIAC Certified Incident Handler (GCIH)
• CISSP, oscp, GCIA, or equivalent
• Microsoft certifications: SC-200, SC-300, AZ-500

Key Competencies

• Calm and decisive under pressure
• Analytical and detail-oriented
• Strong leadership and collaboration skills
• Proactive approach to process optimization and threat mitigation
• Passion for continuous learning and capability development