Overview:
SOFTSWISS continues to expand the team and is looking for a Lead SOC Analyst (L3). We need a true, experienced, and accomplished professional who shares our culture and values.
Security Team:
SOFTSWISS Security Team takes care of iGaming services protection, data privacy, and business continuity to ensure that nothing distracts satisfied customers from using our products. We work closely with the IT team that develops and supports our services, and together we create genuinely excellent and secure iGaming products.
Purpose of the role:
The L3 SOC Analyst is an expert-level SOC professional responsible for investigating complex and non-standard information security incidents, handling escalations from L1/L2 analysts, and enhancing the SOC’s analytical capabilities. The role focuses on thinking in terms of incidents and attack chains, quickly identifying affected systems, relevant log sources, hypotheses to test, and confirming or denying attacks.
Key responsibilities:
Incident Response & Investigation:
- Manage complex information security incidents, including APT-like attacks, data exfiltration, and insider threats
- Conduct in-depth analysis of incidents and identify initial access vectors
- Reconstruct attack paths/kill chains and assess incident scope (blast radius)
- Form clear conclusions: what happened, how, when, with what effect, and next steps
Analysis & Hypothesis:
- Ability to reason in hypotheses:
  - If this is a credential compromise, where will the traces/artifacts be?
  - If this is C2, what artifacts should we expect?
  - How could an attacker exfiltrate data?
- Ability to think one step ahead: predicting the attacker’s next actions
Communication & Escalation:
- Expert interaction with internal teams (Security, Development, Legal, ITSM, SE, etc.)
- Support decision-making (e.g., account lock, host isolation/block)
- Perform basic impact analysis balancing containment and business effect
SOC Improvement & Knowledge Sharing:
- Enhance detection logic and provide feedback to L1/L2 analysts
- Learn from relevant incidents and contribute to post-incident reviews
- Participate in and organize tabletop exercises and root cause analyses
Required Experience:
- 4-6+ years of experience in SOC / MSSP SOC / Incident Response / DFIR Team
- Practical experience in investigating and preventing real incidents, not just alerts
- Experience as a Lead Security Analyst/Expert
- Threat Hunting Experience
- Deep understanding of attacker TTPs according to MITRE ATT&CK
- The ability to link: event – artifact – behavior – attack scenario
- Expertise in infrastructure services: Email, Kubernetes, AD, Databases, Docker, etc.
- Operating Systems: Windows (EventLog, Sysmon, PowerShell, Task Scheduler), Linux (auth.log, auditd, bash history, cron, systemd).
- Identity & access: AD, IAM, KeyCloak, PAM, RBAC, ABAC.
- Knowledge of attack scenarios: credential theft, data exfiltration, PtH, service account abuse, etc.
- Endpoint & network security: EDR/XDR, Proxy, DNS, C2 patterns, VPN, WAF, Firewalls.
- Confident working with Splunk SIEM, Redash, ClickHouse, Wazuh.
- Ability to write complex search queries and correlate data from multiple sources
Nice to have:
- Experience in high-risk business environments.
- Participation in Red Team / Purple Team exercises.
- Conducting or organizing tabletop exercises.
- Scripting and automation skills: Python, Bash, SPL, SQL.
- Security certifications: GCIA, GCED, GCIH, Splunk Power User, OSCP, CEH.
Learn more about our hiring process here (link) – what to expect, how to prepare, and what makes SOFTSWISS different