Senior SOC Analyst (Level 3)

Operating system

AXA XL has an exciting opportunity for an experienced L3 Senior SOC Analyst to join the Security Operations team, supporting security incident investigations across the organisation’s global infrastructure and respond to escalations from the Level 1 and 2 SOC teams. The successful candidate will have a history of successfully managing complex and high severity cyber security incidents. We’re looking for candidates with experience in SOC operations and incident response.

• Take full ownership of incidents escalated by Level 2 analysts.
• Conduct complex investigations and provide advice to L2 SOC analyst.
• Develop customized scripts and procedures to automate repetitive tasks and improve the efficiency of incident response activities.
• Provide expert advice on incident remediation and recovery efforts.
• Develop threat remediation strategies.
• Perform proactive analysis of AXA XL’s attack surface and advice on potential threat and attack vectors.
• Review and provide feedback on security control capability gaps based on security intrusion trends.
• Create and refine runbooks/playbooks for all alerts.
• On-board log sources and work on log issues.
• Fine-tune EDR and other tooling to exclude noise and false positives.
• Create and fine-tune content in SIEM - correlation rules, Dashboard and Reports.
• Interact with SIEM, EDR and other SOC tooling vendors (TAC Support) to remediate any issues with tooling.
• Monitor API threat detection, reporting and containments.
• Demonstrate experience in conducting digital forensics investigation relating to incident detection and response.
• Responsible for taking decisions and identifying required actions. During high severity security incidents, you will advise the AXA XL Head of SOC, CISO and CSO on appropriate containment, eradication, and remediation measures.
• Provide an afterhours point of escalation for critical incidents.
• Define the operational roadmap and key metrics for incident detection and response.
• Collaborate with internal stakeholders to align on and implement security incident detection and response processes.
• Develop SOC security incident policies and investigation procedures, for use across multiple information systems and teams.
• Conduct compliance monitoring and perform SOC/SIEM security control testing.
• Analyze, define, and manage the delivery of new SIEM rules.
• Conduct use case testing and modify or create as and when required.
• Create new custom detection rules using KQL.
• Design and implement SIEM and EDR enhancements and configurations.
• Manage and represent the Security Operations team on ethical hack exercises.
• You will report within the Security Operations Team, which is part of the AXA XL Information Security team

This is how we work

Team members

• development budget
• external training
• intracompany training

• Amazing modern workspace in heart of the city
• Day off on your birthday
• Flexible working hours
• Hybrid work (8 days a month working from the office)
• Lunch allowance
• Fresh fruits every morning in our kitchen
• Multisport card
• Cafeteria program
• Lux med health insurance with dental package included and Pramerica life insurance
• Improving your language skills by working in multicultural environment with English use daily

• sharing the costs of sports activities
• remote work opportunities
• flexible working time
• fruits
• integration events
• no dress code
• video games at work
• coffee / tea
• drinks
• leisure zone
• extra social benefits
• birthday celebration
• employee referral program
• charity initiatives
• extra leave

• Phone interview with recruiter
• Interview with Hiring Manager

AXA XL Catlin Services SE