Job Description :
Splunk is a BIG plus – just did internal training on it
WAF (web application firewall) experience is a plus
Palo Alto, Imperva etc also plusses

Difference between Level 3s and level 1s&2s :
Experience and what they are involved in on the side – Hacking sites, certified hackers, forensics training, leadership experience

Level 3s – Counter Threat Operations, look at screens, determine whether real event of false positive
Need to be inquisitive and Analytical – want to learn

Looking through 2-3 desktop monitors, quickly going through apps, incidents escalated to war room (provides real-time incident response and crisis mgmt. for team)