Security Associate Manager - SOC L3
We Are
Accenture Security helps organizations prepare, protect, detect, respond, and recover across the full security lifecycle. Cybersecurity challenges differ across industries and client environments, so we bring global expertise, advanced technologies, and proven delivery models to create integrated solutions tailored to each client’s needs. Whether we’re defending against known attacks, detecting and responding to emerging threats, or operating a full security operations capability, we help clients build cyber resilience so they can grow with confidence.
You Are
You’re a security professional who is energized by outsmarting adversaries and strengthening defenses. You bring hands-on cyber operations expertise along with the ability to guide teams, manage service delivery, and communicate effectively with clients. You’re comfortable operating in a RUN environment, providing structure and oversight while ensuring high quality detection and response outcomes. You translate technical findings into clear, business relevant insights and thrive in fast paced, collaborative environments where trust, accountability, and service excellence matter.
The Work
As a SOC L3 Analyst, you will serve as the senior technical escalation point for security incidents, providing deep dive analysis, investigation leadership, and expert guidance through incident resolution and closure. You will work closely with SOC L1/L2 analysts, client stakeholders, and engineering teams to ensure incidents are fully understood, contained, remediated, and properly documented.
This role is hands on and delivery critical, with a strong focus on incident investigations, contextual analysis, and operational excellence.
Key Responsibilities
• Act as the L3 escalation point for complex and high severity security incidents across Microsoft security platforms
• Perform advanced investigations using Microsoft Sentinel, Defender XDR, and Defender portal workflows
• Lead incident response activities across:
o Microsoft Defender for Endpoint (MDE)
o Microsoft Defender for Identity (MDI)
o Microsoft Defender for Office 365 (MDO)
o Cloud workloads and identity-based incidents
o Email Security Platforms
• Correlate telemetry across SIEM, endpoint, identity, cloud, and email security to determine root cause, scope, and impact
• Drive incidents through containment, eradication, remediation, and closure, validating response effectiveness
• Design, tune, and optimize Sentinel analytic rules, detection logic, and alert fidelity based on threat intelligence and incident learnings
• Perform log source onboarding, tuning, and normalization, ensuring high-quality and actionable telemetry
• Develop and enhance automation and response workflows using Sentinel automation rules and Logic Apps
• Build and maintain investigation and response playbooks to standardize L1/L2 analyst response
• Support and execute Sentinel to Defender XDR transition activities, including detection alignment and investigation process changes
• Validate alert severity, escalation decisions, and response actions taken by SOC L1/L2 analysts
• Provide technical mentorship and investigation guidance to junior analysts
• Collaborate with detection engineering and platform teams to resolve systemic detection or data quality issues
• Support use case lifecycle management, including:
o Detection validation
o False positive reduction
o Coverage gap identification
• Contribute to post incident reviews (PIRs) and continuous improvement initiatives
• Ensure investigations are properly documented, auditable, and aligned with SOC processes
• (Optional) Support advanced integrations and capabilities such as:
o Sentinel Data Lake / log tiering
o Security considerations for Microsoft Copilot and AI workloads
Required Skills & Experience
• Strong hands on expertise with the Microsoft security ecosystem, including Sentinel and Defender suite
• Demonstrated experience handling advanced incidents across endpoint, identity, email, and cloud environments
• Proven ability to perform deep dive root cause analysis and threat hunting
• Experience developing automation and SOAR workflows
• Strong understanding of incident response across Microsoft Defender XDR
• Experience tuning detections and log sources to improve signal to noise ratio
• Ability to work effectively under pressure during P1 / high severity incidents
• Experience operating in a managed services / SOC RUN environment
• Strong communication skills, with the ability to translate technical findings to business stakeholders
• Optional but beneficial:
o Experience with Sentinel Data Lake
o Exposure to Microsoft Copilot security controls
Bonus Points If You Have
• Experience working with public sector or regulated environments
• Exposure to SOC service transitions and operational maturity improvements
• Experience with detection engineering, threat hunting, or intelligence driven security operations
• Relevant certifications (e.g., SC 200, SC 100, CISSP, GIAC, etc.,)
• Experience supporting or managing client facing security services
• Experience in operational reporting, metrics, and service governance
Compensation at Accenture varies depending on a wide array of factors, which may include but are not limited to the specific office location,
role, skill set, and level of experience. As required by local law, Accenture provides a reasonable range of compensation, based on full-time
employment, for roles that may be hired as set forth below.
The recruiting efforts for this position are intended to fill a brand new position.
The base pay range shown below is intended as a guideline to reflect the majority of offers for this role.
It does not represent a maximum limit — in some cases, actual compensation may exceed the range where appropriate.
Information on benefits is here.
Role Location Annual Salary Range
British Columbia/Ontario $82,600 to $132,600
Toronto, Ontario
Calgary, Alberta
Ottawa, Ontario
Vancouver, British Columbia
Equal Employment Opportunity Statement
All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.
Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process.
Accenture is committed to providing veteran employment opportunities to our service men and women.
Please read Accenture’s Recruiting and Hiring Statement for more information on how we process your data during the Recruiting and Hiring process.
We work with one shared purpose: to deliver on the promise of technology and human ingenuity. Every day, more than 775,000 of us help our stakeholders continuously reinvent. Together, we drive positive change and deliver value to our clients, partners, shareholders, communities, and each other.
We believe that delivering value requires innovation, and innovation thrives in an inclusive and diverse environment. We actively foster a workplace free from bias, where everyone feels a sense of belonging and is respected and empowered to do their best work.
At Accenture, we see well-being holistically, supporting our people’s physical, mental, and financial health. We also provide opportunities to keep skills relevant through certifications, learning, and diverse work experiences. We’re proud to be consistently recognized as one of the World’s Best Workplaces™.
Join Accenture to work at the heart of change. Visit us at www.accenture.com.