# Senior SOC Analyst

**Company:** [Salla](http://jobs.workable.com/companies/nT3kBaLUjKH8KvFcNsKEtc.md)
**Location:** Jeddah, Saudi Arabia
**Workplace:** hybrid
**Employment type:** Full-time
**Department:** Technology

[Apply for this job](http://jobs.workable.com/view/02b7c249-2f61-44dc-a9f3-72e0374a4ae9)

## Description

**About the role**  
We are looking for a Senior SOC Analyst to lead advanced security monitoring, investigation, and response across our cloud, endpoint, network, and edge environments. This role sits at the L2/L3 level and plays a critical part in incident escalation, detection engineering, and strengthening our overall security posture. You will also act as a mentor to junior analysts and collaborate closely with security, cloud, and engineering teams.

**Key responsibilities**

-   Perform advanced L2/L3 alert triage and investigations across endpoint, network, cloud, and edge security platforms
-   Lead investigations using SIEM tools to validate incidents, reduce noise, and determine impact
-   Analyze and respond to edge security events including WAF, DDoS, bot activity, and Zero Trust alerts
-   Act as an escalation point for confirmed incidents and support containment and response actions
-   Conduct root cause analysis and threat investigations, identifying attacker behavior and scope of impact
-   Design, tune, and maintain detection rules and logic across SIEM platforms
-   Improve detection coverage by aligning rules with the MITRE ATT&CK framework
-   Mentor and guide junior SOC analysts and contribute to skill development across the team
-   Help build and maintain investigation playbooks and incident response runbooks
-   Collaborate with SOC leadership, Cloud Security, and DevOps teams to improve security controls and visibility

**What success looks like**

-   Security alerts are accurately triaged with reduced false positives and faster response times
-   Incidents are thoroughly investigated with clear root cause analysis and actionable remediation
-   Detection coverage improves continuously across cloud, endpoint, and edge environments
-   Junior analysts demonstrate stronger investigation and escalation capabilities
-   Cross-functional teams are supported with clear, timely security insights and recommendations

## Requirements

-   5+ years of experience as a SOC Analyst (L2/L3)
-   Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or equivalent experience
-   Hands-on experience with SIEM platforms (Splunk, Graylog, or similar)
-   Experience performing alert triage, incident investigation, and escalation
-   Strong knowledge of networking protocols (TCP/IP, DNS, HTTP/HTTPS, BGP)
-   Experience analyzing AWS security logs (CloudTrail, CloudWatch, VPC Flow Logs)
-   Experience with container and Kubernetes runtime security (Kubernetes, Amazon EKS)
-   Hands-on experience with Cloudflare security tools (WAF, DDoS, Bot Management, Zero Trust)
-   Strong understanding of IDS/IPS, firewalls, proxies, and DLP technologies
-   Experience conducting root cause analysis and post-incident reviews
-   Familiarity with the MITRE ATT&CK framework and NIST incident response standards
-   Experience developing and tuning SIEM detection rules
-   Knowledge of scripting or automation (Python, PowerShell, or Bash)
-   Foundational understanding of AI/ML security concepts and LLM-related risks
-   Strong analytical, investigation, and incident handling skills
-   Ability to communicate technical findings to non-technical stakeholders
-   Relevant certifications preferred (GCIA, GCIH, CompTIA CySA+, AWS Security Specialty)
