Accenture

Security Associate Manager - SOC L3

$82K — $132K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 5-7 years of hands-on experience with the Microsoft security ecosystem, particularly Sentinel and Defender suite.
  • Demonstrated track record in managing advanced security incidents across various environments.
  • Strong expertise in conducting root cause analysis and threat hunting activities.
  • Experience in developing automation and SOAR workflows.
  • Proficient in tuning detection mechanisms to improve the signal-to-noise ratio of alerts.
  • Ability to perform under pressure during high severity (P1) incidents.
  • Exceptional communication skills for translating technical details to business audiences.

Responsibilities

  • Act as the L3 escalation point for complex security incidents involving Microsoft platforms.
  • Conduct detailed investigations using Microsoft security tools.
  • Lead incident response activities across various security domains, including endpoint and email.
  • Correlate telemetry to assess root cause and impact of security events.
  • Drive incidents through all response phases: containment, eradication, and closure.
  • Design and optimize alert logic based on intelligence and past incidents.
  • Mentor junior analysts, providing technical guidance and investigation strategy.

Benefits

  • Opportunity to work in a globally recognized company focused on innovation and technology.
  • Access to advanced training and professional development in cybersecurity.
  • Collaboration with industry leaders in a fast-paced environment.
  • Engagement in continuous improvement initiatives and post-incident reviews.
  • Participation in impactful projects contributing to national and global cybersecurity resilience.

Full Job Description
The Work
As a SOC L3 Analyst, you will serve as the senior technical escalation point for security incidents, providing deep-dive analysis, investigation leadership, and expert guidance through incident resolution and closure. You will work closely with SOC L1/L2 analysts, client stakeholders, and engineering teams to ensure incidents are fully understood, contained, remediated, and properly documented.
This role is hands-on and delivery-critical, with a strong focus on incident investigations, contextual analysis, and operational excellence.

Key Responsibilities
• Act as the L3 escalation point for complex and high-severity security incidents across Microsoft security platforms
• Perform advanced investigations using Microsoft Sentinel, Defender XDR, and Defender portal workflows
• Lead incident response activities across:
    - Microsoft Defender for Endpoint (MDE)
    - Microsoft Defender for Identity (MDI)
    - Microsoft Defender for Office 365 (MDO)
    - Cloud workloads and identity-based incidents
    - Email security platforms
• Correlate telemetry across SIEM, endpoint, identity, cloud, and email security to determine root cause, scope, and impact
• Drive incidents through containment, eradication, remediation, and closure, validating response effectiveness
• Design, tune, and optimize Sentinel analytic rules, detection logic, and alert fidelity based on threat intelligence and incident learnings
• Perform log source onboarding, tuning, and normalization, ensuring high-quality and actionable telemetry
• Develop and enhance automation and response workflows using Sentinel automation rules and Logic Apps
• Build and maintain investigation and response playbooks to standardize L1/L2 analyst response
• Support and execute Sentinel to Defender XDR transition activities, including detection alignment and investigation process changes
• Validate alert severity, escalation decisions, and response actions taken by SOC L1/L2 analysts
• Provide technical mentorship and investigation guidance to junior analysts
• Collaborate with detection engineering and platform teams to resolve systemic detection or data quality issues
• Support use case lifecycle management, including:
    - Detection validation
    - False positive reduction
    - Coverage gap identification
• Contribute to post-incident reviews (PIRs) and continuous improvement initiatives
• Ensure investigations are properly documented, auditable, and aligned with SOC processes
• (Optional) Support advanced integrations and capabilities such as:
    - Sentinel Data Lake / log tiering
    - Security considerations for Microsoft Copilot and AI workloads

Required Skills & Experience
• Strong hands-on expertise with the Microsoft security ecosystem, including Sentinel and the Defender suite
• Demonstrated experience handling advanced incidents across endpoint, identity, email, and cloud environments
• Proven ability to perform deep-dive root cause analysis and threat hunting
• Experience developing automation and SOAR workflows
• Strong understanding of incident response across Microsoft Defender XDR
• Experience tuning detections and log sources to improve the signal-to-noise ratio
• Ability to work effectively under pressure during P1 / high-severity incidents
• Experience operating in a managed services / SOC RUN environment
• Strong communication skills, with the ability to translate technical findings for business stakeholders
• Optional but beneficial:
    - Experience with Sentinel Data Lake
    - Exposure to Microsoft Copilot security controls

Bonus Points If You Have
• Experience working with public sector or regulated environments
• Exposure to SOC service transitions and operational maturity improvements
• Experience with detection engineering, threat hunting, or intelligence-driven security operations
• Relevant certifications (e.g., SC-200, SC-100, CISSP, GIAC)
• Experience supporting or managing client-facing security services
• Experience in operational reporting, metrics, and service governance

Compensation at Accenture varies depending on a wide array of factors, which may include but are not limited to the specific office location,
role, skill set, and level of experience. As required by local law, Accenture provides a reasonable range of compensation, based on full-time
employment, for roles that may be hired as set forth below.
The recruiting efforts for this position are intended to fill a brand new position.
The base pay range shown below is intended as a guideline to reflect the majority of offers for this role.
It does not represent a maximum limit - in some cases, actual compensation may exceed the range where appropriate.


Role Location              Annual Salary Range
British Columbia/Ontario   $82,600 to $132,600

About Accenture

Accenture plc is a multinational professional services company that provides services in strategy, consulting, digital, technology, and operations. The company has more than 537,000 employees serving clients in more than 120 countries. Accenture operates across five business segments: Communications, Media & Technology; Financial Services; Health & Public Service; Products; and Resources. The company is headquartered in Dublin, Ireland, and has offices worldwide.
Size: 624,000 employees
Market Cap: $173.8 billion
Industry:
Net Income: $5.2 billion
Founded: 1989
5 Year Trend: +11.2%
Revenue: $44.7 billion
NASDAQ
