We are seeking a highly experienced Level 3 SOC Analyst with a strong background in insider threat detection to join a dynamic security operations team. This hybrid role will support traditional SOC activities while also acting as a deployable resource for insider threat investigations. The ideal candidate will have a deep understanding of detection engineering, data loss prevention (DLP) techniques, and a strong command of tools used for identifying and containing internal threats in large enterprise environments.

Must Haves:

  • 5+ years of hands-on experience in a Security Operations Center (SOC) environment, with at least 2 years at a Level 3 or senior analyst level.

  • Experience working on or with Insider Threat or Corporate Investigations teams in a large enterprise setting.

  • Strong background in Detection Engineering, including writing and tuning detection rules across SIEM and EDR platforms.

  • Expertise with DLP and SIEM tools (e.g., Splunk, Sentinel, Exabeam, QRadar).

  • Familiarity with threat hunting techniques and behavioral analysis.

  • Experience with incident response and digital forensics in insider threat cases.

Preferred/Helpful Tools & Technologies:

  • Microsoft Purview (compliance, insider risk management, and DLP)

  • Mimecast (Admin experience preferred, not just end-user)

  • Experience with enterprise monitoring tools and asset management platforms.

  • Knowledge of email monitoring, endpoint data tracking, and behavioral analytics.

  • Experience working with stakeholders across InfoSec, HR, Legal, and Ethics on sensitive investigations.
