SME - GCP Security, Palo Alto Firewall
As an L3 SOC Analyst (Onsite), you will serve as the senior-most technical. You will provide advanced threat detection, incident response leadership, and threat hunting capabilities. This is a customer-facing role requiring strong stakeholder engagement, technical presentation skills, and the ability to represent HCL CSFC's MXDR capabilities with excellence.
Roles & Responsibilities
- Incident Response & Escalation
- Act as the primary escalation point for L1 and L2 SOC analysts for all complex security incidents.
- Lead incident response activities, including containment, eradication, root cause analysis (RCA), and recovery.
- Perform advanced triaging and collaborate with resolver groups, third parties, and designated customer contacts for incident resolution.
- Conduct post-incident reviews (PIR) and contribute to detailed investigation and RCA reports for customer governance.
- Threat Hunting & Intelligence
- Design and execute proactive threat hunting activities using SIEM, EDR, and advanced query languages (KQL, SPL).
- Perform both IOC-based and hypothesis-based threat hunting, correlating with the latest threat intelligence feeds.
- Analyse emerging threat intelligence and map findings to the MITRE ATT&CK framework for enhanced detection.
- Create and deliver threat hunting reports and advisories based on defined KPIs for customer consumption.
- SIEM/SOAR & Detection Engineering
- Develop and fine-tune detection use cases, correlation rules, and automated response playbooks.
- Provide expertise in SIEM/SOAR platform optimization, log source integration, and content management.
- Lead efforts to reduce alert fatigue through rule tuning, false-positive suppression, and analytics engine optimization.
- Collaborate with OEM support teams for issue resolution and product improvements.
- Customer Engagement & Governance (Onsite Specific)
- Serve as the face of HCL CSFC, building trust and maintaining strong stakeholder relationships.
- Participate in and present during Monthly Security Operations Reviews (MSOR), weekly governance calls, and ad-hoc executive briefings.
- Provide technical analysis reports, security posture assessments, and actionable recommendations.
- Coordinate with customer IT/Security teams, OEM vendors, and HCL offshore teams for seamless service delivery.
- Drive SLA/KPI adherence (MTTD, MTTR, MTTA, MTTN) and ensure contractual compliance.
- Mentorship & Knowledge Transfer
- Act as the SME (Subject Matter Expert) and provide technical guidance and mentorship to L1 and L2 analysts.
- Conduct knowledge transfer sessions, training workshops, and tabletop exercises at the customer site.
- Develop and maintain SOPs, runbooks, and escalation workflows for SOC operations.
Technical Skills Required
- SIEM Platforms
- Expertise in any 2 of: Splunk, Microsoft Sentinel, Google Chronicle, Palo Alto XSIAM
- EDR Platforms
- Hands-on experience in any 2 of: CrowdStrike Falcon, Microsoft Defender XDR, SentinelOne, Cortex XDR, Cisco Secure Endpoint
- SOAR Platforms
- Experience with XSOAR, Siemplify (Chronicle SOAR), Tines, or equivalent
- Query Languages
- Proficiency in KQL, SPL, YARA-L, or equivalent for advanced hunting
- Scripting & Automation
- Strong skills in Python, PowerShell for automation and scripting
- Frameworks
- Deep understanding of MITRE ATT&CK, Cyber Kill Chain, NIST CSF, ISO 27001
- OS Knowledge
- Strong understanding of Windows, Linux, and macOS endpoint security and attack techniques
- Cloud Security
- Familiarity with Azure Defender, M365 Defender, Defender for Cloud, AWS Security Hub
- Forensics
- Experience in forensic investigations, malware analysis, and digital evidence handling
- Reporting