Security Associate Manager - SOC L3

We Are
Accenture Security helps organizations prepare, protect, detect, respond, and recover across the full security lifecycle. Cybersecurity challenges differ across industries and client environments, so we bring global expertise, advanced technologies, and proven delivery models to create integrated solutions tailored to each client’s needs. Whether we’re defending against known attacks, detecting and responding to emerging threats, or operating a full security operations capability, we help clients build cyber resilience so they can grow with confidence.

You Are
You’re a security professional who is energized by outsmarting adversaries and strengthening defenses. You bring hands-on cyber operations expertise along with the ability to guide teams, manage service delivery, and communicate effectively with clients. You’re comfortable operating in a RUN environment, providing structure and oversight while ensuring high quality detection and response outcomes. You translate technical findings into clear, business relevant insights and thrive in fast paced, collaborative environments where trust, accountability, and service excellence matter.

The Work
As a SOC L3 Analyst, you will serve as the senior technical escalation point for security incidents, providing deep dive analysis, investigation leadership, and expert guidance through incident resolution and closure. You will work closely with SOC L1/L2 analysts, client stakeholders, and engineering teams to ensure incidents are fully understood, contained, remediated, and properly documented.
This role is hands on and delivery critical, with a strong focus on incident investigations, contextual analysis, and operational excellence.

Key Responsibilities
• Act as the L3 escalation point for complex and high severity security incidents across Microsoft security platforms
• Perform advanced investigations using Microsoft Sentinel, Defender XDR, and Defender portal workflows
• Lead incident response activities across:
o Microsoft Defender for Endpoint (MDE)
o Microsoft Defender for Identity (MDI)
o Microsoft Defender for Office 365 (MDO)
o Cloud workloads and identity-based incidents
o Email Security Platforms
• Correlate telemetry across SIEM, endpoint, identity, cloud, and email security to determine root cause, scope, and impact
• Drive incidents through containment, eradication, remediation, and closure, validating response effectiveness
• Design, tune, and optimize Sentinel analytic rules, detection logic, and alert fidelity based on threat intelligence and incident learnings
• Perform log source onboarding, tuning, and normalization, ensuring high-quality and actionable telemetry
• Develop and enhance automation and response workflows using Sentinel automation rules and Logic Apps
• Build and maintain investigation and response playbooks to standardize L1/L2 analyst response
• Support and execute Sentinel to Defender XDR transition activities, including detection alignment and investigation process changes
• Validate alert severity, escalation decisions, and response actions taken by SOC L1/L2 analysts
• Provide technical mentorship and investigation guidance to junior analysts
• Collaborate with detection engineering and platform teams to resolve systemic detection or data quality issues
• Support use case lifecycle management, including:
o Detection validation
o False positive reduction
o Coverage gap identification
• Contribute to post incident reviews (PIRs) and continuous improvement initiatives
• Ensure investigations are properly documented, auditable, and aligned with SOC processes
• (Optional) Support advanced integrations and capabilities such as:
o Sentinel Data Lake / log tiering
o Security considerations for Microsoft Copilot and AI workloads