Job Description - SOC Analyst (Incident Response & Threat Operations)
Position Summary
The SOC Analyst is responsible for end-to-end investigation, response, and management
of cybersecurity incidents across the enterprise. This role combines deep technical
incident handling, threat analysis, and proactive threat hunting with operational
leadership, cross-functional coordination, and continuous improvement of SOC
capabilities. The analyst plays a critical role in protecting the organization's global
environment by identifying threats, containing incidents, and strengthening the overall
security posture.
Key Responsibilities
Incident Investigation & Response
• Perform in-depth investigation of security incidents involving endpoints, servers,
networks, cloud platforms, and applications
• Assess risk, scope, root cause, and business impact of security events and
confirmed incidents
• Lead containment, eradication, and recovery actions for malware infections,
phishing attacks, ransomware activity, data exposure events, and malicious network
communications
• Act as a technical escalation point during high-severity and complex cyber
incidents, providing expert guidance and decision-making
• Manage the full incident lifecycle using XSOAR platforms, ensuring incidents are
handled e ? iciently from detection through closure
Threat Analysis & Hunting
• Conduct proactive threat hunting to identify stealthy threats, anomalous behavior,
and attacker techniques not detected by automated controls
• Perform daily threat analysis activities including:
o New, aged, and dropped domain analysis
o Malicious IP, URL, and file hash validation
• Leverage internal telemetry and external threat intelligence sources to enrich
investigations and improve detection accuracy
Security Monitoring & Tooling
• Analyze and correlate logs and alerts from SIEM, EDR, Firewall, Proxy, Email
Security, Database Security, and Cloud Security platforms
• Support and enhance detection logic, correlation rules, and automated response
playbooks within SIEM and XSOAR platforms
• Partner with security engineering and response teams to integrate new security
technologies and improve existing controls
Collaboration & Leadership
• Coordinate incident response activities with regional IT Security, Infrastructure,
Engineering, Legal, Privacy, and Business teams
• Provide mentorship, technical guidance, and on-the-job coaching to junior analysts
during investigations and active incidents
• Collaborate with response engineering teams on remediation strategies,
architectural improvements, and long-term risk reduction initiatives
Continuous Improvement
• Identify gaps in monitoring, detection, and response processes and drive
continuous improvement initiatives across SOC operations
• Contribute to the development and refinement of incident response procedures,
playbooks, and standard operating procedures
• Participate in post-incident reviews to ensure lessons learned are documented and
corrective actions are tracked to completion
Reporting & Governance Requirements
• Maintain accurate and timely documentation of all incidents, investigations, and
response actions within XSOAR platform
• Produce daily and weekly operational reports covering incident volumes, severity
trends, response timelines, and notable threats
• Prepare detailed incident reports and root cause analyses for high-severity
incidents, including impact assessment and remediation status
• Deliver executive-ready incident briefings and post-incident summaries for senior
leadership and stakeholders
• Track and report on SOC KPIs and SLAs such as mean time to response (MTTR),
mean time to contain (MTTC), and incident closure rates
• Ensure all activities align with internal security policies, regulatory requirements,
and audit expectations
Education
• IT Graduate or Engineering degree (BTech, MCA, MSc Computers or equivalent)
Experience
• 6-10 years of total experience in SOC operations, Incident Response, Threat
Hunting, or Security Engineering
• Strong hands-on experience with enterprise-scale environments and global incident
response
• Proven experience working with SIEM, XSOAR, and EDR platforms such as Splunk,
QRadar, CrowdStrike, XSIAM, or equivalent
Technical Skills
• Strong understanding of network, endpoint, application, cloud, and data security
concepts
• Experience handling incidents in large, distributed, and regulated environments
• Proficiency with incident management frameworks, response playbooks, and
XSOAR Incident Management
• Intermediate to advanced knowledge of malware analysis, phishing campaigns, and
attacker tactics, techniques, and procedures (TTPs)
• Ability to design and assess layered security controls across the enterprise
Certifications (Preferred)
• CISSP, GCIA, GCIH, or equivalent industry certifications
Behavioral & Leadership Skills
• Strong analytical, problem-solving, and decision-making capabilities
• Excellent communication skills with the ability to translate technical issues into
business impact
• Demonstrated leadership during crisis situations and major security incidents
• Ability to work e ? ectively across time zones and with global teams
• Strategic mindset combined with hands-on technical execution
About MetLife
Recognized on Fortune magazine's list of the "World's Most Admired Companies" and Fortune World's 25 Best Workplaces™, MetLife, through its subsidiaries and affiliates, is one of the world's leading financial services companies; providing insurance, annuities, employee benefits and asset management to individual and institutional customers. With operations in more than 40 markets, we hold leading positions in the United States, Latin America, Asia, Europe, and the Middle East.
Our purpose is simple - to help our colleagues, customers, communities, and the world at large create a more confident future. United by purpose and guided by our core values - Win Together, Do the Right Thing, Deliver Impact Over Activity, and Think Ahead - we're inspired to transform the next century in financial services. At MetLife, it's #AllTogetherPossible . Join us!
#BI-Hybrid
Skills Required
- Bachelor's degree in IT or Engineering (BTech, MCA, MSc Computers or equivalent)
- 6-10 years experience in SOC operations, Incident Response, Threat Hunting, or Security Engineering
- Hands-on experience with enterprise-scale environments and global incident response
- Proven experience with SIEM, XSOAR, and EDR platforms (e.g., Splunk, QRadar, CrowdStrike, XSIAM)
- Strong understanding of network, endpoint, application, cloud, and data security concepts
- Proficiency with incident management frameworks, response playbooks, and XSOAR incident management
- Intermediate to advanced knowledge of malware analysis, phishing campaigns, and attacker TTPs
- Ability to design and assess layered enterprise security controls
- Experience analyzing and correlating logs from SIEM, EDR, Firewall, Proxy, Email, Database, and Cloud security
- Strong communication, leadership, and cross-functional coordination skills
- Certifications such as CISSP, GCIA, or GCIH
MetLife Compensation & Benefits Highlights
-
Retirement Support — Feedback suggests retirement programs pair a 401(k) with company match and additional retirement plan structures, indicating a mature long‑term savings setup. This depth signals stability for employees prioritizing retirement security.
-
Healthcare Strength — Comprehensive medical, dental, vision, disability, and life insurance are paired with wellness initiatives and 24/7 EAP access, indicating broad core coverage. HSAs/FSAs and second‑opinion resources further reinforce the healthcare offering.
-
Parental & Family Support — Fertility coverage, personalized child/elder‑care guidance, adoption assistance, parental leave, and breast‑milk shipping for traveling nursing parents are highlighted. These supports extend benefits meaningfully beyond the basics.
MetLife Insights
What We Do
We're honored to be No. 10 on Great Place to Work's World's Best Workplaces and recognized in the Fortune 100 Best Companies to Work For® list in 2025. At MetLife, we're leading the global transformation of an industry we’ve defined for over 157 years. At MetLife, every innovation and line of code is a lifeline for our customers and their families—from victims of natural disasters to people living with disabilities and beyond. With operations in more than 40 markets and leading positions across the globe, MetLife fosters an inclusive culture where our people are energized and inspired to deliver for our customers and communities. Join our remarkable journey—one in which you help write the next century of innovation in financial services—because with MetLife, making the world a better place is All Together Possible.
Why Work With Us
At MetLife, you’ll be working for a company whose purpose is to help customers throughout their life’s journey, and often in their most critical time of need. You’ll be a part of developing leading-edge platforms that will have a lasting impact on the lives and well-being of tens of millions of customers.
Gallery
MetLife Teams
MetLife Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
MetLife's current workplace policies classify roles as Office, Hybrid or Virtual based on the nature of work, encouraging new ways of working together



.png)
















.png)























