Security Operations Center (SOC) Tier-3 Analyst
Department: Security Operations
Reports To: Security Operations Center Technical Lead
The SOC Tier-3 Analyst is responsible for advanced security monitoring, incident response, and
threat hunting in daily support of our clients, working from Huntsville, Alabama. The SOC Tier-3 Analyst
should be deeply familiar with security operations technologies and disciplines including
Security Information and Event Management (SIEM), Security Orchestration, Automation, and
Response (SOAR), incident response (IR), firewall management (FW), and vulnerability
management (VM). In this position, you will analyze, triage, and investigate client security
events, lead complex incident response efforts, conduct focused threat hunt operations,
integrate AI-driven workflows into SOC operations, and continuously improve detection and
prevention capabilities while working as part of a multi-function team that includes network
engineers, cyber operations technical leads, cyber operations center managers, firewall
engineers, and compliance management consultants.
Primary Duties
• Master the technical tools and procedures used to manage and operate the SOC
• Apply a deep understanding of how SIEM and SOAR technologies function to monitor
and defend client environments
• Administer and maintain Elastic and related SOC tooling
• Analyze, triage, aggregate, escalate, and report on client security events, including
investigation of anomalous and malicious activity
• Lead problem solving and resolution during incident response events
• Plan and execute focused threat hunt operations
• Perform correlation and trend analysis of security logs, network traffic, security alerts,
events, and incidents
• Collaborate with all SOC experts to monitor, identify, and make notifications on
cybersecurity matters to provide a holistic and seamless experience for the client
• Continuously improve SOC technologies to minimize false positives and maximize
detection and prevention effectiveness
• Build, tune, and operationalize AI-assisted SOC workflows for detection, alert triage,
enrichment, and automated response
• Evaluate AI and automation tooling to improve analyst efficiency and speed to resolution
while preserving accuracy and human oversight of critical decisions
• Develop comprehensive and accurate reports and presentations for technical and
executive audiences
• Design and conduct proof-of-concept tests to replicate third-party findings and propose
solutions to resolve discovered security issues
• Communicate regularly with the team and with clients to proactively address concerns
and maintain trusted relationships
Required Qualifications
• Minimum six (6) years of experience in IT security and/or information technology
• Experience working in a Security Operations Center or Network Operations Center in an
enterprise or managed services provider (MSP/MSSP) environment
• Experience in incident response, forensics, malware reverse engineering, or incident
investigation in large-scale environments
• Experience with industry security tooling required; experience with Elastic, Fortinet,
Avanan, OpenText NDR, and Microsoft Sentinel is a plus
• Bachelor's degree in Information Technology, Information Security/Assurance, Computer
Science, or an equivalent combination of education and experience preferred; Master's
degree a plus
• Strong problem-solving and critical-thinking skills, with the ability to prioritize and execute
autonomously
• Ability to tune correlation rules and outcomes via SIEM and SOAR platforms and apply
emerging SOC and IR techniques to improve efficiency and effectiveness
• Familiarity with applying AI and automation in a SOC context to augment detection,
triage, and response, with sound judgment about where human oversight remains
essential
• A desire to take on roles of increasing responsibility including defining services,
managing teams, and coordinating resources
• Integrity: Ethical and respectful to clients and team
• Grit: Ability to self-motivate, self-manage, and meet deadlines when faced with
competing priorities
• Customer-centric: Understand that partnership with our clients is a “win-win” scenario
• Selfless: Understand that when one team member succeeds, we all succeed
Supervisor Responsibilities
N/A
Knowledge, Skills, and Abilities
10 Characteristics of Every Professional at MAD Security
1. Customer Service and Satisfaction First. Understanding and satisfying our customers
is the cornerstone to our success. We must do what is necessary to meet those needs.
2. Expertise is our Specialty. The very word professional implies expertise, and technical
competence is essential to our service-oriented structure. We must become an expert in
the skills and tools we use in our operations, we must perform to the best of our abilities,
and we must keep our knowledge up to date.
3. Do and Deliver More Than Expected. Professionals are expected to produce results.
We strive to complete deliverables before they are due, of higher quality than
anticipated, and under budget. Professionals exceed expectations whenever possible.
4. Deliver on What We Say and What We Can Do. Professionals deliver on promises
made. We engage our brain before speaking; before we say we can do something, we
make sure we can do it.
5. Communicate Effectively. Whether verbal or written, professionals communicate
clearly, concisely, thoroughly, and accurately. Effective communication is ultimately our
responsibility as a professional.
6. Follow Exceptional Guiding Principles. Professionals adhere to high ethical values
and principles. We appreciate and support our co-workers, practice good manners and
proper etiquette, are honest and fair in all our dealings, and have a high ethical and
moral standard.
7. Praise Our Co-workers. Professionals are humble and generous in their praise for
others. We respect and acknowledge the talents and capabilities of our co-workers.
8. Share Knowledge. Professionals help their peers and co-workers and are respected for
doing so. Information isn't a limited resource; our minds won't be emptied by giving away
kernels of wisdom or experience. We think of knowledge as an ocean of facts and not a
stream of data. It is possible to share what we know and stay one step ahead of the
competition; professionals simply apply themselves to learn something new daily.
9. Express Gratitude. Professionals thank others in a meaningful way that most benefits
the recipient.
10. Maintain the Right Attitude. Professionals are pleasant even during trying times.
Location and Work Environment
Onsite in Huntsville, Alabama. While performing the duties of this Job Description, the employee
regularly works in an office setting.
Physical Demands
The physical demands described herein are representative of those which must be met by an
employee to perform the Primary Duties of this Job Description successfully.
Travel
Travel is not required for this position.
Other Duties
Please note this Job Description is intended to describe the general nature and level of work to
be performed by the employee(s) assigned to this Job Title. It is not designed to contain nor be
interpreted as a comprehensive and/or all-inclusive list of duties, responsibilities, and
qualifications. MAD Security, LLC reserves the right to amend and/or change responsibilities to
meet business and organizational needs, as necessary, with or without notice.
About MAD Security, LLC
MAD Security, LLC, founded in 2010, is a veteran-owned cybersecurity provider dedicated to
safeguarding business and simplifying the cybersecurity challenge by delivering compliance
through cost-effective, results-driven solutions. Headquartered in Huntsville, Alabama, and
recognized as a Top 250 MSSP by MSSP Alert, MAD Security regularly delivers world-class, industry-leading
managed services and technology solutions to defense-industry providers, including aviation and
aerospace, government contractors, financial institutions, technology services providers, higher
education institutions, and manufacturing, to help them manage risk, meet compliance requirements,
and reduce costs.
To learn more, visit www.madsecurity.com.