وظيفة SOC Analyst L3 لدى Zoho في الرياض

Zoho is one of the world's most prolific software companies. With 55+ applications in nearly every major business category, including sales, marketing, customer service, accounting and back office operations, and an array of productivity and collaboration tools built from the ground up, Zoho has the depth and breadth to solve even the most complex business challenges.

With more than 130 million+ users and over 18,000 employees across the globe, hundreds of thousands of companies rely on Zoho, every day to run their businesses, including Zoho itself. With 29 years of being private, bootstrapped and profitable, we understand what it takes to run a sustainable, resilient business.

Job Title: SOC Analyst L3

Experience: 5 - 8 Years

Work Location: Riyadh, Saudi Arabia

Roles & Responsibilities:

• Act as the technical escalation point for complex or high-severity incidents.
• Lead end-to-end incident response: investigation, containment, eradication, recovery.
• Conduct advanced threat hunting across endpoints, network, cloud, email, and logs.
• Perform malware analysis, memory forensics, and deep log analysis.
• Manage Purple Team exercises and drive SOC maturity improvements.
• Handle threat intelligence enrichment, IOC correlation, and intel reporting.
• Coordinate with IT, GRC, and senior management during major incidents.
• Provide advanced training and mentorship for L1 and L2 analysts.
• Lead RCA (Root Cause Analysis) and Post-Incident Review (PIR) processes.
• Evaluate and recommend new SOC technologies, tools, and integrations
• Design, build, and maintain SIEM detection use-cases aligned with MITRE ATT & CK.
• Enhance and tune existing detection rules to improve accuracy and reduce false positives.
• Assess detection gaps and ensure proper visibility across all critical log sources.
• Validate onboarding of new log sources and ensure logs are normalised and parsed correctly.
• Work with threat intelligence to integrate new IOCs, behavioural patterns, and detection logic.
• Create detection roadmaps and continuously improve SIEM coverage.
• Develop correlation rules, dashboards, and automated workflows.
• Collaborate with infrastructure teams to ensure required logs (EDR, firewall, cloud, proxy, email, apps) are feeding into the SIEM.
• Conduct periodic tuning sessions to improve alert fidelity and SOC efficiency.