Job Summary
We are seeking a Senior SOC Analyst (Tier 3) to join our global security operations team. This role serves as the in-house escalation point for our Managed Detection and Response (MDR) provider, leads complex investigations, and drives incidents through to resolution. You will also oversee the MDR relationship from an operational standpoint — validating triage quality, tuning detections, and ensuring our environment is well-defended against evolving threats.
In addition to core SecOps responsibilities, this role will dedicate a meaningful portion of time to supporting global security projects and audits, including ISO 27001, TISAX, and customer security audits, by providing operational evidence, control validation, and audit narrative.
Key Responsibilities
1. Escalated Incident Response & Investigation
- Serve as the internal escalation point for incidents escalated by the MDR provider.
- Lead containment, eradication, and recovery activities for confirmed incidents.
- Conduct deep-dive investigations, root cause analysis, and forensic review across endpoint, identity, network, and cloud.
- Act as incident commander for significant incidents — running bridge calls, coordinating cross-functional response, and communicating status to the SOC Manager and leadership.
- Produce clear, well-documented incident reports and post-incident reviews.
2. MDR Oversight & Governance
- Manage the day-to-day operational relationship with the MDR provider.
- Review MDR escalations for quality, accuracy, and completeness; provide feedback and challenge false positives or missed context.
- Partner with the SOC Manager on MDR QBRs, SLA reviews, and service tuning.
- Ensure the MDR has the visibility, telemetry, and business context needed to detect effectively.
- Identify coverage gaps between MDR scope and our environment, and drive remediation.
3. Threat Hunting & Detection Engineering
- Perform proactive, hypothesis-driven threat hunts using KQL in Microsoft Sentinel and Defender XDR.
- Develop and tune custom detection rules, analytics, and correlation logic in Sentinel.
- Reduce false positives and improve fidelity of alerts — both internally and within the MDR's rule set.
- Contribute to SOAR playbook development and response automation.
4. Threat Intelligence & Vulnerability Correlation
- Operationalize threat intelligence (IOCs, TTPs, threat actor profiles) into detections and hunts.
- Correlate vulnerability and exposure data with active threats to prioritize response.
- Stay current on the MITRE ATT&CK framework, emerging TTPs, and threat landscape shifts relevant to our industry.
5. Global Security Projects & Audit Support (% of role)
- Support ad-hoc global security projects as directed by the SOC Manager and security leadership.
- Provide operational evidence, log extracts, control validation, and audit narrative for:
- ISO 27001 (Annex A operational controls — logging, monitoring, incident management)
- TISAX (Information Security Assessment — automotive supply chain)
- Customer security audits and questionnaires (SIG, CAIQ, custom customer assessments)
- Partner with GRC, IT, and business stakeholders to demonstrate SOC controls are operating effectively.
- Participate in tabletop exercises, purple team engagements, and audit walkthroughs.
6. Reporting, Metrics & Continuous Improvement
- Contribute to SOC reporting — MDR performance, incident trends, MTTD/MTTR, top threats — for the SOC Manager and executive stakeholders.
- Maintain accurate documentation of investigations, evidence, and chain of custody.
- Drive continuous improvement of SOC playbooks, runbooks, and response procedures.
- Mentor junior team members and share knowledge across the security team.
Required Qualifications
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent hands-on experience).
- 3+ years of experience in a SOC or security operations role, with demonstrated experience handling escalated incidents and complex investigations.
- Hands-on experience with Microsoft Sentinel and Microsoft Defender XDR (Endpoint, Identity, Cloud).
- Proficiency writing KQL (Kusto Query Language) for hunting, investigation, and detection tuning.
- Experience working with or alongside an MDR/MSSP provider — receiving escalations, providing feedback, and managing the operational relationship.
- Solid understanding of:
- TCP/IP, DNS, HTTP/S, and common network protocols
- Windows, Linux, and macOS OS internals and logging
- Cloud security fundamentals (Azure, M365; AWS/GCP a plus)
- Identity and access management (Entra ID / Active Directory)
- Working knowledge of the MITRE ATT&CK framework and cyber kill chain.
- Strong analytical, problem-solving, and written/verbal communication skills.
- Ability to work with global teams across time zones and participate in on-call rotation for major incidents.
Preferred Qualifications
- 5+ years of experience in security operations, with 2+ years in a senior/L3/escalation capacity.
- Prior experience supporting ISO 27001, TISAX, SOC 2, or customer security audits from an operational perspective.
- Experience governing a broader (non-Microsoft-native) MDR provider — e.g., Arctic Wolf, CrowdStrike, Rapid7, Secureworks, or similar.
- Digital forensics fundamentals — memory, disk, and cloud artifact analysis.
- Exposure to SOAR platforms and playbook automation.
- Scripting ability (PowerShell, Python, or Bash) for automation and log analysis.
- Familiarity with threat intelligence platforms and IOC management.
- Incident command / bridge-lead experience in a mid-to-large enterprise.
Preferred Certifications
- Microsoft SC-200 (Security Operations Analyst Associate) — highly preferred
- GIAC GCIH, GCIA, GCFA, or GCFE
- CompTIA CySA+
- CISSP — a plus for the senior framing
Additional certifications from ISC2, ISACA, or SANS are welcome
About YAGEO Group
YAGEO Group is a global leader in electronic components, operating across multiple brands, regions, and manufacturing footprints. As part of our continued transformation and growth in Asia, we are strengthening regional leadership to ensure scalable, high-performing, and customer-centric operations.