Location : Deerfield, IL 60015  (Onsite)
Experience: 9+ Years


Role Summary

Key Responsibilities
SOC L3 Operations (CrowdStrike)
  • Act as L3 escalation point for complex and high‑severity security incidents.
  • Lead advanced investigations using CrowdStrike Falcon SIEM, EDR/XDR, and telemetry.
  • Perform deep analysis of alerts, logs, endpoint behavior, and attacker TTPs.
  • Validate and triage alerts to eliminate false positives and reduce alert fatigue.
  • Mentor L1/L2 analysts and provide technical guidance.

Incident Response & Threat Containment
  • Lead end‑to‑end incident response including: 
    • Detection, analysis, containment, eradication, and recovery
  • Execute response actions using CrowdStrike: 
    • Host isolation
    • Process termination
    • IOC blocking
    • Policy enforcement
  • Coordinate with IT, cloud, and application teams during incidents.
  • Drive post‑incident reviews, root cause analysis, and lessons learned.


Reporting, Metrics & Governance
  • Provide incident reports, executive summaries, and RCA documentation.
  • Track and report SOC KPIs including: 
    • MTTD / MTTR
    • Incident severity trends
    • Detection coverage and effectiveness
  • Support audits, tabletop exercises, guided selling examples, and compliance reporting.

Collaboration & Stakeholder Management
  • Work closely with: 
    • SOC leadership
    • Threat intelligence teams
    • IT, Cloud, DevOps, and IAM teams
  • Act as a technical SME during major incidents and crisis management calls.
  • Support threat intel sharing and hunting initiatives.
Required Skills & Experience
Core Technical Skills
  • Strong hands‑on experience with CrowdStrike Falcon SIEM and EDR/XDR
  • Proven experience in SOC L3 / Incident Response roles
  • Deep knowledge of:
    • Endpoint, network, and cloud attack techniques
    • MITRE ATT&CK framework
    • Malware, ransomware, and advanced persistent threats
  • Strong log analysis and investigation skills.
Security Operations Experience
  • SIEM detection engineering and tuning
  • Threat hunting and IOC analysis
  • Incident response lifecycle and forensics basics
  • Experience working in 24x7 SOC environments (rotation/on‑call)
Certifications (Preferred)
  • CrowdStrike certifications
  • GCIA / GCIH / GCED / GCIR
  • CISSP / Security+
  • Incident Response or Threat Hunting certifications
Thanks & Regards,
Santhosh.N
Nityo Infotech Corp.
Suite 1285, 666 Plainsboro Road
Plainsboro , NJ , 08536