Senior SOC Analyst L3 – Threat Hunting & Detection Engineering
About the assignment
A leading organisation operates a mature Security Operations Center and is seeking a Senior SOC Analyst L3 to own the most complex and high-impact security incidents. You are the top escalation point for the team—solving sophisticated threats, conducting hypothesis-driven threat hunts, and engineering detections against evolving attack patterns.
Your role bridges technical excellence with strategic impact. You'll translate the threat landscape into concrete improvements in detection logic, automation, and team capability. You coach L1 and L2 analysts, strengthen processes through SOAR automation, and advise security leadership on risk and coverage gaps.
This is a hands-on expert role where deep forensic and malware analysis skills directly drive incident resolution and organisational resilience.
Your responsibilities
- Lead incident response for complex, high-impact security events from triage through eradication and recovery
- Conduct proactive threat hunting based on hypotheses, threat intelligence, and MITRE ATT&CK framework
- Develop, refine and manage detection rules, use cases and correlation logic in SIEM and SOAR platforms
- Perform forensic analysis and malware investigations to support root-cause analysis and incident closure
- Automate repetitive SOC workflows through SOAR playbook development and scripting
- Assess and optimise detection coverage against current threats, translating gaps into technical improvements
- Mentor L1 and L2 analysts through code review, documentation and knowledge transfer
- Advise security leadership on threat landscape, emerging risks and monitoring enhancements
Tech Stack & Tools
Platforms & Tooling
Frameworks & Standards
Cloud & Infrastructure
Methodologies
Certifications (preferred)
Must-haves
- Minimum 5 years demonstrable SOC or CSIRT experience, with significant time at senior/L3 level
- Deep expertise in SIEM platforms (Sentinel, Splunk, QRadar) including detection engineering
- Proven incident response, threat hunting and forensic investigation experience
- Strong knowledge of MITRE ATT&CK framework, threat intelligence and modern attack techniques
- Hands-on experience with scripting (Python, PowerShell, KQL) and SOAR automation
- Fluent in Dutch and English, both written and spoken
Nice-to-haves
- Certifications such as GCIH, GCIA, GCFA, GNFA, OSCP or CISSP
- Cloud security monitoring experience (Azure, AWS, GCP) and EDR/XDR platform proficiency
- Background in regulated sectors (finance, energy, government) or knowledge of NIS2, DORA, ISO 27001
- OT/ICS monitoring experience; willingness to obtain or hold VOG/security screening
What we offer
- Lead high-impact incident investigations and shape detection strategy for a mature SOC
- Work with enterprise-grade SIEM, SOAR and EDR tools in a complex, multi-cloud environment
- Coach and mentor junior analysts; influence team capability and knowledge management
- Collaborate with security leadership to drive strategic improvements in threat coverage and risk posture
- Flexible working arrangement and continuous learning investment
- Personal guidance from a dedicated MVPeople consultant who knows your niche
The process
Introduction
Phone call with your MVPeople consultant (within 24 hours)
Match & Brief
We discuss the assignment in detail and prepare you
Client meeting
Introduction to the client
Start
Contracting and onboarding
Details
Type
Freelance / ZZP (MVPeople)
Location
Utrecht, UT
Work model
Hybrid
Level
Senior
Industry
overige
Posted
7 July 2026
Job ID
56222
Contact
MVPeople Group
jobs@mvpeoplegroup.com