SOC Tier 3 Analyst

SG45 DXC Technology Services Singapore Pte. Ltd
Santiago, RM, Chile
June 24, 2026
On-site
Full-time
SOC
Mid · 3–5 yrs

Job Description:

At DXC, we harness the power of technology to deliver mission-critical IT services that our clients need to modernize operations and drive innovation across their entire IT estate. We provide services through the Enterprise Technology Stack for business process outsourcing, analytics and engineering, applications, security, cloud, IT Outsourcing, and Modern Workplace.

About the role

Responsibilities:

  • Utilize advanced technical background and experience to scrutinize and provide corrective analysis of cyber security events escalated by Tier 1 & 2 analysts, distinguishing these events from benign activities and escalating confirmed incidents to the Incident Response Lead.
  • Provide in-depth cyber security analysis and trending/correlation of large datasets such as logs, event data, and alerts from diverse network devices and applications within the enterprise to identify and troubleshoot specific cyber security incidents and make informed technical recommendations that enable efficient remediation.
  • Proactively search through log, network, and system data to find and identify undetected threats.
  • Identify and ingest indicators of compromise (IOCs) (e.g., malicious IPs/URLs, etc.) into network security tools/applications to protect the client's network.
  • Quality-proof technical advisories and assessments prior to release from SOC.
  • Coordinate with and provide expert technical support to enterprise-wide technicians and staff to resolve confirmed incidents.
  • Report common and repeat problems, observed via trend analysis, to SOC management and propose process and technical improvements to improve the effectiveness and efficiency of alert notification and incident handling.
  • Formulate technical best-practice SOPs and Runbooks for SOC Analysts.
  • Respond to inbound requests via phone and other electronic means for technical assistance and resolve problems independently. Coordinate escalations with Service Delivery Lead and collaborate with internal technology teams to ensure timely resolution of issues.
  • Identify, report, and resolve security violations.
  • The role oversees a modern security ecosystem leveraging AI Agentic SIEM, OT environment with Nozomi, and Threat Intelligence platforms to deliver real-time visibility, rapid threat detection, and resilient cyber operations.

Skills and Qualifications:

  • Proficiency in English and Spanish, enabling effective communication with global stakeholders, vendors, and executive leadership teams.
  • At least 3-5 years of demonstrated operational experience as a cyber security analyst/engineer handling cyber security incidents and response in critical environments, and/or equivalent knowledge in areas such as: technical incident handling and analysis, intrusion detection, log analysis, penetration testing, vulnerability management.
  • In-depth understanding of: current cyber security threats, attacks and countermeasures for adversarial activities such as network probing and scanning, distributed denial of service (DDoS), phishing, ransomware, botnets, command and control (C2) activity, etc.
  • In-depth hands-on experience analyzing and responding to security events and incidents with most of the following technologies and/or techniques: security information and event management (SIEM) technologies, intrusion detection/prevention systems (IDS/IPS), network and host-based firewalls, network access control (NAC), data leak protection (DLP), database activity monitoring (DAM), web and email content filtering, vulnerability scanning tools, endpoint protection, secure coding, etc.
  • Strong communication, interpersonal, organizational, oral, and customer service skills.
  • Strong knowledge of TCP/IP protocols, services, and networking.
  • Knowledge of forensic analysis techniques for common operating systems.
  • Strong understanding of command line scripting and implementation (i.e., Python, PowerShell, Bash Shell)
  • Ability to write new content/searches/scripts (e.g., CrowdStrike Falcon Next-Gen + AI & ONUM, Palo Alto Cortex XSIAM + AI, Microsoft Azure Sentinel, Splunk Enterprise Security, IBM QRadar, ManageEngine Log360, etc.)
  • Strong knowledge of Operational Technology (OT) environments, including SCADA systems, Industrial Control Systems (ICS), industrial network security, asset visibility, threat detection, and OT security solutions such as Nozomi Networks.
  • Experience with tools such as Active Directory, Cisco IOS, MS Server, AMP, CrowdStrike, Splunk ES, SNORT, Yara, IronPort, and Firepower.
  • Strong understanding of networking (TCP Flags, TCP Handshake, IP addressing, Firewalls, Proxy, IDS, IPS)
  • Ability to perform NetFlow / packet capture (PCAP) analysis
  • Information Technology security-related certifications, including but not limited to: CompTIA A+, Network+, Security+, Linux, Cisco CCNA, MS (SC-*/AZ-*), AWS, CEH, CrowdStrike, Palo Alto Cortex XSIAM, CISSP, etc.

Joining DXC connects you with brilliant people who embrace change and seize opportunities to advance their careers and amplify client success. At DXC, we support each other and work as a team, globally and locally. Our achievements demonstrate how we deliver excellence to our clients and colleagues. You will join a team committed to creating a culture of learning, diversity, and inclusion, dedicated to strong ethics and corporate citizenship.

At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.

Job Details

Experience

Mid · 3–5 yrs

Tools & Tech

Active Directory
AWS
Azure
Bash
CrowdStrike
Linux
Microsoft Sentinel
Palo Alto
PowerShell
Python
Splunk

Preferred Certs

CEH
CISSP