C2C Requirement || SOC L3 & Incident Response SME (CrowdStrike SIEM) || Remote

Role- SOC L3 & Incident Response SME (CrowdStrike SIEM)

Location- Remote

Job Description

• The SOC L3 & Incident Response SME is responsible for advanced threat detection, incident response, and SOC operations using CrowdStrike Falcon (SIEM, EDR/XDR). This role acts as the final escalation point (L3) for complex security incidents, leads investigations, drives containment and remediation, and continuously improves SOC detection and response capabilities.
• The role requires deep hands‑on expertise in CrowdStrike SIEM, EDR/XDR, threat hunting, IR playbooks, and strong coordination with SOC, IT, cloud, and business stakeholders.

Key Responsibilities

• SOC L3 Operations (CrowdStrike)
• Act as L3 escalation point for complex and high‑severity security incidents.
• Lead advanced investigations using CrowdStrike Falcon SIEM, EDR/XDR, and telemetry.
• Perform deep analysis of alerts, logs, endpoint behavior, and attacker TTPs.
• Validate and triage alerts to eliminate false positives and reduce alert fatigue.
• Mentor L1/L2 analysts and provide technical guidance.

 

Incident Response & Threat Containment

• Lead end‑to‑end incident response including: 
  • Detection, analysis, containment, eradication, and recovery
• Execute response actions using CrowdStrike: 
  • Host isolation
  • Process termination
  • IOC blocking
  • Policy enforcement
• Coordinate with IT, cloud, and application teams during incidents.
• Drive post‑incident reviews, root cause analysis, and lessons learned.

Reporting, Metrics & Governance

• Provide incident reports, executive summaries, and RCA documentation.
• Track and report SOC KPIs including: 
  • MTTD / MTTR
  • Incident severity trends
  • Detection coverage and effectiveness
• Support audits, tabletop exercises, and compliance reporting.

Collaboration & Stakeholder Management

• Work closely with: 
  • SOC leadership
  • Threat intelligence teams
  • IT, Cloud, DevOps, and IAM teams
• Act as a technical SME during major incidents and crisis management calls.
• Support threat intel sharing and hunting initiatives.

Required Skills & Experience

Core Technical Skills

• Strong hands‑on experience with CrowdStrike Falcon SIEM and EDR/XDR
• Proven experience in SOC L3 / Incident Response roles
• Deep knowledge of: 
• Endpoint, network, and cloud attack techniques
• MITRE ATT&CK framework
• Malware, ransomware, and advanced threats
• Strong log analysis and investigation skills

Security Operations Experience

• SIEM detection engineering and tuning
• Threat hunting and IOC analysis
• Incident response lifecycle and forensics basics
• Experience working in 24×7 SOC environments (rotation/on‑call 

Certifications (Preferred)

• CrowdStrike certifications
• GCIA / GCIH / GCED / GCIR
• CISSP / Security+
• Incident Response or Threat Hunting certifications

 

Thanks & Regards

Rahul Pandey

rahul.pandey@quantumworldit.com