SOC Analyst
Confidential
Jeddah, Saudi Arabia | AED 6,000-15,000/mo (≈ SAR 6.1K-15.3K/mo) | Posted today
Saudi Arabia | IT & Technology | Full Time
Skills Required: Python, Leadership, Arabic
Job Description
SOC Analyst – Level 3 Technical Lead
Location: Jeddah
Country: Saudi Arabia
Employment Type: Full-Time
Operational Model: 24/7 SOC Oversight (Shift Governance + On-Call Authority)

Position Overview
We are seeking a highly experienced SOC Level 3 Technical Lead to oversee advanced incident response, detection engineering, automation strategy, and SOC operational governance within a 24/7 Security Operations Center. This role carries technical escalation authority and operational responsibility, including roster planning and shift management, ensuring uninterrupted monitoring coverage in compliance with regulatory requirements set by the National Cybersecurity Authority (NCA). Saudi Nationals are strongly preferred in alignment with workforce nationalization initiatives. All regulatory and certification requirements must be satisfied prior to onboarding.

Nationality Requirement
- Saudi National preferred.
- Must reside in Jeddah or be willing to relocate before joining.

Mandatory Regulatory & Certification Requirements (Audit-Critical)
- Valid NCA Category A Certificate for a minimum of 3 years.
- Full compliance with Saudi Cybersecurity Workforce Framework (SCyWF) competency requirements for:
  - Advanced Incident Handling
  - Threat Analysis
  - Monitoring & Detection Engineering
- Certification authenticity must be verifiable and documented.
- Willingness to support 24/7 SOC operations, including on-call escalation.
- Compliance with NCA frameworks including:
  - Essential Cybersecurity Controls (ECC)
  - Incident Management & Reporting Controls
  - Continuous Monitoring Requirements
  - Workforce Regulatory Controls
Failure to meet any requirement will result in disqualification due to regulatory non-compliance.

Core Responsibilities

Advanced Incident Response & Escalation Authority
- Lead handling of high-severity and critical cybersecurity incidents.
- Conduct deep forensic investigations and root cause analysis.
- Approve containment, eradication, and recovery strategies.
- Provide executive-level technical summaries and regulatory reporting inputs.

Threat Hunting & Detection Engineering
- Lead proactive threat hunting initiatives.
- Develop, tune, and optimize advanced SIEM detection rules.
- Align detection coverage with MITRE ATT&CK.
- Reduce false positives and improve detection efficiency.
- Experience required with SIEM platforms such as Microsoft Sentinel, Splunk, and IBM QRadar.

SOAR & Automation Governance
- Design, review, and approve SOAR playbooks.
- Ensure automation workflows comply with the approved Incident Response Plan.
- Oversee integration between SIEM, EDR, threat intelligence, and SOAR platforms.
- Continuously improve MTTR through automation optimization.

SOC Operations & Shift Governance
- Create and maintain SOC shift rosters ensuring 24/7 coverage.
- Manage analyst scheduling, rotation planning, and workload distribution.
- Ensure compliance with regulatory staffing and monitoring requirements.
- Monitor analyst performance and shift effectiveness.
- Coordinate leave planning to prevent monitoring gaps.
- Ensure proper shift handover procedures are followed and documented.
- Ensure proper review of alert/log health monitoring is completed.
- Escalate staffing risks that may impact compliance or monitoring continuity.

Technical Leadership & Team Management
- Mentor and technically supervise SOC L1 and L2 analysts.
- Review investigation quality and documentation standards.
- Conduct technical knowledge-sharing sessions.
- Participate in hiring and performance evaluation processes.

Compliance & Audit Oversight
- Ensure all incident cases are audit-ready.
- Validate evidence retention and documentation standards.
- Support internal compliance reviews and external regulatory audits.
- Ensure continuous adherence to NCA monitoring and workforce requirements.

Technical Requirements (Mandatory)
- Expert-level SIEM administration and rule tuning.
- Strong hands-on experience with SOAR (Security Orchestration, Automation, and Response).
- Advanced EDR/XDR investigation capabilities.
- Knowledge of:
  - Network security monitoring
  - Threat intelligence integration
  - Malware analysis fundamentals
  - Cloud security monitoring
- Experience with scripting (PowerShell / Python preferred).

Experience & Qualifications
- Bachelor's / Master's degree in Cybersecurity, IT, or Computer Science.
- 5–8 years of SOC / Cybersecurity Operations experience.
- Proven experience leading critical incident investigations.
- Prior experience managing SOC shifts or operational oversight.
- Demonstrated experience in automation and detection engineering.

Preferred Certifications
- GCIH
- GCIA
- CISSP
- Advanced Incident Response certifications
- SOAR-related certifications

Compliance & Governance Expectations
- Responsible for ensuring continuous 24/7 monitoring coverage.
- Accountable for regulatory audit readiness of SOC operations.
- Detection coverage must align with regulatory monitoring requirements.
- Documentation and escalation processes must meet audit standards.
- SOC staffing and roster planning must support compliance posture.

Arabic Section – Title
Information Security Operations Center Analyst (SOC Analyst) – Level 3 / Technical Lead
Location: Jeddah
Country: