The L3 SOC Analyst leads complex incident investigations, drives automation, mentors junior analysts, and enhances SOC capabilities using advanced security technologies.
Saviynt's AI-powered identity platform manages and governs human and non-human access to all of an organization's applications, data, and business processes. Customers trust Saviynt to safeguard their digital assets, drive operational efficiency, and reduce compliance costs. Built for the AI age, Saviynt is today helping organizations safely accelerate their deployment and usage of AI. Saviynt is recognized as the leader in identity security, with solutions that protect and empower the world’s leading brands, Fortune 500 companies and government institutions. For more information, please visit www.saviynt.com.
Location: United Kingdom
Type: Full-time, permanent
Due to the nature of the UK Government projects this role supports, this position is classified as a Reserved Post. In accordance with the Civil Service Nationality Rules, paragraph 1 of Schedule 23 and paragraph 5 of Schedule 22 of the Equality Act 2010, we can only accept applications from persons with UK residency (at least five years).
Successful candidates must undergo National Security Vetting (NSV). This role requires Security Check SC level clearance as a minimum. Any offer of employment is strictly conditional upon the candidate successfully obtaining and maintaining this clearance.
To meet the vetting criteria, you will be required to have been resident in the UK for a minimum of 5 years immediately prior to your application. Failure to obtain clearance or a lapse in residency history may result in the withdrawal of the employment offer, and you will not be entitled to any compensation from Saviynt as a result.
In line with the Immigration, Asylum and Nationality Act 2006, all shortlisted candidates will be required to provide original documentation verifying their Right to Work in the UK and their British Citizenship during the initial interview stage. We conduct thorough Baseline Personnel Security Standard (BPSS) checks as a precursor to all higher-level clearances.
Role Overview:
We are establishing a modern Security Operations Centre designed to deliver proactive, intelligence-driven security outcomes. Moving beyond traditional reactive monitoring, our SOC emphasises AI, automation, detection engineering, and deep cloud security visibility to identify and neutralise sophisticated threats at scale.
The L3 SOC Analyst will act as the senior technical escalation point within the SOC, leading complex investigations, driving automation initiatives, and mentoring junior analysts. This role requires strong hands-on expertise across cloud security, threat hunting, incident response, and orchestration technologies.
WHAT YOU WILL DO:
- Incident Response & Technical Escalation
- Act as the final escalation point for complex incidents originating from L1/L2 analysis.
- Lead investigations into high-severity security events, including those impacting AWS, Azure, Kubernetes clusters and hybrid environments.
- Perform advanced forensic analysis across endpoints, cloud workloads, and network telemetry to determine root cause, impact, and remediation actions.
- Correlate telemetry from SIEM, EDR, CSPM, and cloud-native sources to identify sophisticated attack chains.
- Security Automation & SOAR Engineering
- Design, develop, and maintain automated response playbooks within the SOAR platform to improve response efficiency.
- Build and maintain automation scripts (Python, go, etc.) for alert enrichment, evidence collection, and containment.
- Integrate security platforms via APIs to enable streamlined, automated detection and response workflows.
- Identify opportunities to reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) through automation and process optimisation.
- Threat Hunting & Detection Engineering
- Conduct proactive threat hunting across enterprise and cloud environments using intelligence-driven and hypothesis-based methodologies.
- Serve as an SME for cloud security monitoring leveraging tools such as AWS GuardDuty, CloudTrail, CrowdStrike, and Proofpoint.
- Develop and tune SIEM detections, correlation rules, and EDR queries aligned to MITRE ATT&CK tactics and emerging threat intelligence.
- Mentorship & Continuous Improvement
- Provide technical mentoring and guidance to L1/L2 analysts to strengthen SOC capability.
- Maintain and enhance SOC documentation including SOPs, runbooks, and response playbooks.
- Analyse incident trends and operational metrics to recommend improvements in detection coverage, automation effectiveness, and security posture.
WHAT YOU BRING:
- Bachelor’s degree in Computer Science, Cybersecurity, or related discipline (or equivalent industry experience).
- Extensive experience in Security Operations with demonstrable time in a senior analyst, threat hunter, or L3 role.
- Strong hands-on experience in cloud security monitoring and incident response across AWS, Azure, or GCP.
- Proven scripting and automation capability using Python, Go, PowerShell,Bash,etc.
- Practical experience with SOAR platforms (e.g., CrowdStrike Fusion SOAR) and SIEM technologies (e.g., CrowdStrike Falcon, Splunk, QRadar, Microsoft Sentinel).
- Deep understanding of EDR tooling, host/network forensics, and detection engineering practices.
- Strong working knowledge of the MITRE ATT&CK framework and its application in threat detection and hunting.
If required for this role, you will:
- Complete security & privacy literacy and awareness training during onboarding and annually thereafter
- Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to):
> Data Classification, Retention & Handling Policy
> Incident Response Policy/Procedures
> Business Continuity/Disaster Recovery Policy/Procedures
> Mobile Device Policy
> Account Management Policy
> Access Control Policy
> Personnel Security Policy
> Privacy Policy
Saviynt is an amazing place to work. We are a high-growth, Platform as a Service company focused on Identity Authority to power and protect the world at work. You will experience tremendous growth and learning opportunities through challenging yet rewarding work which directly impacts our customers, all within a welcoming and positive work environment. If you're resilient and enjoy working in a dynamic environment you belong with us!
Saviynt is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
Top Skills
AWS
Azure
Bash
Crowdstrike Falcon
Crowdstrike Fusion Soar
GCP
Go
Microsoft Sentinel
Mitre Att&Ck
Powershell
Python
Qradar
Splunk
Similar Jobs
Big Data • Fintech • Mobile • Payments • Financial Services
As a Software Engineer II at Affirm, you will develop backend systems, collaborate with product teams, and support operations, ensuring timely project delivery while fostering team engagement and growth.
Top Skills:
AWSKotlinKubernetesMySQLPython
Blockchain • Fintech • Payments • Financial Services • Cryptocurrency • Web3
The Senior Solutions Engineer II will lead technical solutions for Capital Markets, working with Business Development and clients to design and implement scalable solutions, provide market feedback, and support integrations.
Top Skills:
APIsBlockchainDatabasesFintechSaaSWeb3
Cloud • Information Technology • Internet of Things • Machine Learning • Software • Cybersecurity • Infrastructure as a Service (IaaS)
The Program Manager oversees software development projects, ensuring timely delivery, quality standards, and collaboration among multi-functional teams to achieve project objectives.
Top Skills:
Amazon Web ServicesConfluenceDockerGoogle Cloud PlatformJenkinsJIRAKubernetesAzure
What you need to know about the Edinburgh Tech Scene
From traditional pubs and centuries-old universities to sleek shopping malls and glass-paneled office buildings, Edinburgh's architecture reflects its unique blend of history and modernity. But the fusion of past and future isn't just visible in its buildings; it's also shaping the city's economy. Named the United Kingdom's leading technology ecosystem outside of London, Edinburgh plays host to major global companies like Apple and Adobe, as well as a growing number of innovative startups in fields like cybersecurity, finance and healthcare.
