SOC Analyst L3 Job at AgileBlue, Cleveland, OH

  • AgileBlue
  • Cleveland, OH

Job Description

About AgileBlue

AgileBlue is an AI-native Security Operations platform that detects, investigates, and auto-responds to cyber threats across cloud, network, and endpoint environments. Our platform combines Sapphire AI for automated detection with 24/7 human-led investigation, built for mid-market organizations and the MSPs that serve them.

Position Overview

AgileBlue is hiring L3 SOC Analysts to own the most critical phases of our security operation. You will lead complex investigations, handle client calls and escalations, design and run threat hunts, and drive case quality across the SOC. On first shift, you work off-queue — meaning you are never pulled into alert triage. You own depth and operational quality. On second and third shifts, you provide senior analytical coverage for an operation that runs 24/7.

This role requires genuine domain depth in at least one area: malware analysis, cloud security, identity and access, or network forensics. You will be expected to operate independently, mentor the analysts on your shift, and bring problems to the surface rather than wait for them to be assigned.

What You Will Do

• Lead complex and escalated investigations handed off from L1 and L2 analysts. Investigate suspicious activity, contain threats, and drive incidents to resolution.

• Analyze security breaches to identify root cause, scope of compromise, and remediation path. Produce incident reports for client delivery.

• Manage client-facing cases in the ticketing system, including direct phone, email, and video calls with clients during active incidents and for escalation handling.

• Design and conduct proactive and ad-hoc threat hunts across customer environments. Produce comprehensive threat hunt reports for client consumption.

• Own case quality review. Review closed cases before client delivery. Identify and resolve systemic quality issues across the analyst team.

• Own and maintain alert playbook documentation. Follow and enforce customer-specific playbooks. Flag detection coverage gaps to the detection engineering team.

• Review daily and periodic data to identify, report, and help remedy vulnerabilities across the customer base.

• Lead AI case reviews, prioritize and analyze key security metrics, and produce weekly and monthly metrics reports.

• Provide phone coverage for escalations and serve as the senior decision point for analysts on your shift.

• Complete and lead a structured written handoff at every shift boundary.

What We Are Looking For

• 3 to 5+ years of SOC or security operations experience, with demonstrated leadership in complex incident investigations.

• Deep domain expertise in at least one area: malware analysis, cloud security (AWS, Azure, or GCP), identity and access (Entra ID, Okta), or network forensics.

• Proven ability to drive investigations end to end — from initial detection through root cause, scoping, and client communication.

• Experience designing and executing threat hunts, not just running pre-scoped ones.

• Strong KQL, EQL, or equivalent query writing. You should be comfortable writing complex correlation queries from scratch.

• Experience with incident report writing for external clients. Your reports set the standard.

• Direct client communication experience. You will be on calls with clients during incidents.

Position Details

Job Type

Full-Time Employment

Shift

Multiple shifts available for 24/7 SOC Analyst team.

Location

Cleveland, OH OR remote within the United States (U.S.-based required)

Reporting To

SOC Manager

Benefits

Competitive base salary | 401k with company match | Unlimited PTO | Paid training and certification support | Direct influence over SOC process and quality standards

To Apply

Submit your resume and a brief cover letter to ***email_hidden*** with 'SOC Analyst L3' as the subject line. Describe a complex investigation you led from detection through client communication. Tell us what made it complex and how you navigated it.

Job Tags

Full time, Shift work, Day shift
