About this Senior SOC Analyst role at Qode
Job Description
hr@ithr360.com | www.ithr360.com
Senior SOC Analyst
Managed Security Services · Security Operations Centre
Location: UAE / Middle East (On-site / Shift-based)
Employment Type: Full-Time
Department: Managed Security Services – SOC
Experience: 3–6 Years (SOC / Security Operations)
Reports To: SOC Team Lead
ABOUT ITHR
ITHR Technologies Consulting LLC is a technology consulting and professional services organisation supporting enterprises across the UAE and Middle East with digital transformation, cybersecurity, ERP implementation, talent solutions, managed services, and custom application development.
Our cybersecurity practice provides a comprehensive portfolio of services including Managed SOC, Digital Forensics & Incident Response (DFIR), Vulnerability Assessment & Penetration Testing (VAPT), Network Security, Brand Protection, Security Advisory, and Managed Security Services.
Our Managed SOC provides 24/7 threat monitoring, detection, and response capabilities to customers across the region. As we continue expanding our cybersecurity managed services portfolio, we are looking for an experienced Senior SOC Analyst to strengthen our Security Operations Centre and deliver high-quality threat detection, investigation, and incident response services.
ROLE OVERVIEW
We are looking for a technically strong and experienced Senior SOC Analyst to join the ITHR Security Operations team.
This is a hands-on L3-level role where you will own complex alert investigations, lead incident response activities, conduct proactive threat hunting, and continuously improve detection capabilities across customer environments.
As a senior member of the SOC, you will act as the escalation point for junior analysts, contribute to playbook development, and maintain the quality and consistency of SOC deliverables, including customer reporting and post-incident documentation.
This role is ideal for professionals who thrive in a fast-paced, multi-customer MSSP environment and are passionate about solving real-world security incidents.
KEY RESPONSIBILITIES
Perform in-depth triage, investigation, and analysis of security alerts across multiple customer SIEM environments.
Act as the L3 escalation point for complex or high-severity incidents escalated by L1/L2 analysts.
Lead incident response activities including containment, eradication, recovery, and post-incident review.
Conduct proactive threat hunting using MITRE ATT&CK, threat intelligence, and customer-specific risk profiles.
Develop and tune SIEM detection rules, correlation logic, and alert thresholds.
Develop and maintain SOC runbooks and incident response playbooks.
Produce high-quality incident reports suitable for both technical and business audiences.
Integrate and operationalise threat intelligence including IOCs, TTPs, and threat actor profiles.
Investigate activity across EDR, network, identity, cloud, and application log sources.
Mentor and guide L1 and L2 analysts through technical coaching and case reviews.
Support customer onboarding including log source validation, baseline reviews, and detection use case configuration.
Participate in shift handovers ensuring complete transfer of active investigations and operational awareness.
REQUIRED QUALIFICATIONS (MUST-HAVE)
3–6 years of hands-on SOC or Security Operations experience.
Minimum 1–2 years operating at an L2/L3 level.
Strong experience performing alert triage, incident investigation, and response.
MSSP experience is highly desirable.
Hands-on experience with one or more SIEM platforms:
Microsoft Sentinel
Splunk
IBM QRadar
Elastic SIEM
Experience with EDR solutions including:
CrowdStrike Falcon
SentinelOne
Microsoft Defender for Endpoint
Strong understanding of MITRE ATT&CK.
Solid knowledge of TCP/IP, DNS, HTTP/S, firewalls, proxies, and network attack techniques.
Experience analysing Windows and Linux artefacts including event logs, process trees, registry, persistence mechanisms, and scheduled tasks.
Excellent documentation and customer reporting skills.
Must possess at least one of the mandatory certifications listed below.
CERTIFICATIONS
Mandatory (At least one required):
Blue Team Level 2 (BTL2)
GIAC Certified Incident Handler (GCIH)
GIAC Certified Forensic Analyst (GCFA)
CompTIA CASP+
Advantageous:
Blue Team Level 1 (BTL1)
Microsoft SC-200 Security Operations Analyst
EC-Council Certified SOC Analyst (CSA)
CompTIA CySA+
GIAC Cyber Threat Intelligence (GCTI)
PREFERRED QUALIFICATIONS (NICE-TO-HAVE)
MSSP or multi-tenant SOC experience.
Experience with SOAR platforms such as Microsoft Sentinel SOAR, Palo Alto XSOAR, or Splunk SOAR.
Cloud security monitoring experience across Azure, AWS, or GCP.
Basic digital forensics experience.
Experience using Threat Intelligence Platforms such as MISP, OpenCTI, or Recorded Future.
Scripting skills using Python, PowerShell, or KQL.
Experience supporting customers across the UAE or Middle East.
Familiarity with regional compliance frameworks such as UAE IA, NESA, or SAMA.
SOFT SKILLS
Strong analytical and investigative mindset.
Calm under pressure during major incidents.
Passion for continuous learning and threat research.
Excellent verbal and written communication skills.
Team player with mentoring capabilities.
High attention to detail and documentation quality.
WHAT WE OFFER
Competitive salary aligned with experience and certifications.
Annual training and certification budget.
Exposure to genuine enterprise cyber incidents across multiple industries.
Opportunity to work with advanced SIEM, SOAR, EDR, and Threat Intelligence platforms.
Clear career progression into:
SOC Team Lead
Detection Engineer
DFIR Analyst
Cybersecurity Consultant