L3 Security Operations Specialist

Requirement:

Job Title: L3 Security Operations Specialist

Remote

12+ Months

Role Overview:

The L3 Analyst will provide expert-level triage, incident validation, threat analysis, and decision-making for alerts escalated through ReliaQuest GreyMatter's Agentic AI–driven SOC platform. This role complements RQ's automated L1/L2 capabilities by performing deep-dive investigations, business-contextual analysis, and continuous improvement of detection rules, playbooks, and automation.

The analyst must be proficient with CrowdStrike Falcon, Google SecOps/SIEM, and cloud infrastructure security, with strong analytical and communication skills.

Key Responsibilities:

Incident Analysis & Response

• Perform L3 validation of alerts escalated by RQ GreyMatter AI.
• Conduct deep-dive investigations on true positives, anomalous safe events, and "no response" alerts.
• Correlate data across CrowdStrike, Google SecOps, IAM logs, network telemetry, and cloud environments.
• Recommend tactical and strategic response actions.

Automation & Tuning:

• Identify false positives and propose detection logic improvements.
• Work with Halliburton + RQ teams to develop high-fidelity detection rules.
• Enhance automated playbooks based on observed patterns.
• Contribute to adversary simulations and attack path mapping.

Threat Intelligence & Hunting

• Perform proactive hunting using CrowdStrike/Google SecOps datasets.
• Identify emerging threats relevant to oil & gas / energy sector.
• Conduct behavior-based analysis beyond signature indicators.

Governance, Reporting & Stakeholder Engagement

• Prepare daily/weekly operational summaries.
• Provide recommendations for reducing risk exposure.
• Participate in knowledge