Activate JobCopilot
Key Responsibilities
Security Monitoring and Alert Triage
Monitor security alerts and incidents in Microsoft Sentinel, Defender XDR, and Defender for Cloud
Triage incoming alerts to determine severity, impact, and required response actions
Differentiate between false positives, benign activity, and actionable threats using established playbooks
Perform continuous monitoring of cloud, identity, endpoint, and network telemetry
Incident Investigation and Response
Investigate suspicious activity across Azure, Entra ID, Microsoft Defender XDR, and integrated data sources
Correlate logs, events, and indicators to establish timelines and determine root cause
Escalate confirmed or high-risk incidents to senior analysts or incident response teams
Execute or recommend containment actions in accordance with defined procedures
Log Analysis and Detection Support
Utilize Kusto Query Language (KQL) and Log Analytics to analyze security data
Correlate events across identity, endpoint, network, and cloud workloads
Identify trends, anomalies, and patterns indicative of malicious activity
Provide input into detection tuning and rule optimization efforts
Documentation and Reporting
Create and maintain detailed, audit-defensible investigation notes and case records
Document all triage decisions, escalation rationale, and response actions
Produce incident summaries and reporting for internal stakeholders and clients
Participate in shift handoffs and maintain continuity of ongoing investigations
Threat Intelligence and Continuous Improvement
Stay informed on emerging threats, vulnerabilities, and attack techniques
Apply threat intelligence to contextualize alerts and improve detection accuracy
Participate in post-incident reviews and contribute to process improvements
Support tuning efforts to reduce false positives and improve detection fidelity
Collaboration and Client Support
Work within a multi-tenant MSSP environment supporting multiple client environments
Collaborate with engineering, incident response, and client-facing teams
Provide clear and professional communication during incident escalations
Support service delivery objectives, SLOs, and operational metrics
Required Qualifications
- 1+ years of experience in a Security Operations Center or related security role
- Hands-on experience with SIEM platforms (Microsoft Sentinel preferred)
- Experience analyzing logs from one or more of the following:
- Azure / Entra ID
- Microsoft Defender (Endpoint, Identity, Cloud, Office 365)
- Windows / Linux systems
- Network security tools (firewalls, IDS/IPS)
- Cloud Security Posture Management - Defender for Cloud
- Basic understanding of incident response processes and frameworks
- Strong analytical and investigative skills
Preferred Qualifications
- Experience with Microsoft security ecosystem:
- Microsoft Sentinel
- Microsoft Defender XDR
- Microsoft Defender for Cloud
- Familiarity with KQL for log analysis and threat hunting
- Understanding of MITRE ATT&CK framework and common attack techniques
- Experience in an MSSP or multi-tenant environment
- Relevant certifications:
- Microsoft SC-200 (Security Operations Analyst)
- CompTIA Security+ or equivalent
Competencies and Attributes
- Ability to make accurate triage decisions under pressure
- Strong written and verbal communication skills
- Attention to detail and evidence-based analysis
- Ability to follow and improve structured investigation processes
- Adaptability in a high-volume, alert-driven environment
Work Environment and Expectations
- Participation in a 24x7 SOC shift model may be required
- Exposure to high-volume alert environments requiring prioritization and efficiency
- Collaboration with geographically distributed teams and client stakeholders
- Continuous learning and development in Azure security and threat detection
Your email job alert is now active!
