Microsoft 365, Azure & Cloud Security Analyst

We are looking for a skilled Security Analyst to join our team, focusing on protecting our own and our clients' cloud infrastructure and digital assets primarily through the Microsoft 365 and Azure security ecosystem. This role combines hands-on security operations, incident response, threat detection, and continuous improvement of our security posture across cloud and hybrid environments. Experience with other platforms, such as AWS, Google, is a distinct advantage. You will help propose, plan, and implement best practice solutions. Thereafter, monitor and respond to security threats, manage security configurations, develop operational documentation, and work with both Microsoft-native and third-party security tools to maintain a robust security operations capability.

We value candidates who combine technical expertise with strong problem-solving abilities and excellent communication skills. You should be able to explain complex security concepts to non-technical stakeholders, work collaboratively across teams, and maintain attention to detail under pressure. A proactive security mindset, curiosity about emerging threats, and commitment to continuous learning are essential.

Key Responsibilities:

• Monitor, investigate, and respond to security alerts across Microsoft Defender 365, Sentinel, Azure, and third-party security platforms (Splunk, CrowdStrike, Huntress, etc.)
• Conduct security assessments of Microsoft 365 and Azure services using established cloud security standards
• Implement and manage security configurations across the Microsoft 365 security stack and Azure environment.
• Perform threat analysis, vulnerability assessments, and incident response activities
• Develop and maintain SOC runbooks and incident response playbooks aligned with NIST or similar frameworks
• Create and tune detection rules across multiple platforms, mapping to the MITRE ATT&CK framework
• Manage security policies, identity and access management (Azure AD/Entra ID), and compliance controls
• Integrate and orchestrate security tools, including SIEM, EDR/XDR, MDR, and SOAR platforms. Support compliance frameworks, including ISO 27001, Cyber Essentials, GDPR, and industry-specific regulations
• Collaborate with IT, DevOps, and business teams on security initiatives and automation workflows
• Document security procedures, investigations, and lessons learned to improve team effectiveness
• Prepare proposals for clients to promote the best value security offering

Required Skills & Experience:

• Strong hands-on experience with Microsoft Defender XDR, Defender for Cloud, Sentinel (SIEM), and Microsoft Purview
• Proficiency in Azure Active Directory/Entra ID, conditional access, MFA, and Intune policy implementation
• Knowledge of Azure security configurations, policies, and governance
• Experience with Office 365 Compliance Centre and data loss prevention
• Familiarity and knowledge of third-party SIEM platforms (Splunk, QRadar, or similar)
• Familiarity and knowledge with third-party EDR/XDR solutions (Sophos, CrowdStrike, Huntress, Sentinel One, Carbon Black, or similar)
• Understanding of MDR services and SOC operations
• Experience with vulnerability management tools (Nessus, Tenable, Qualys)
• Knowledge of SOAR platforms and security automation (desirable)
• PowerShell scripting and KQL (Kusto Query Language) for investigations and reporting
• Threat detection, incident response, and security event analysis
• Understanding of attack techniques, lateral movement, and defense evasion
• Knowledge of Windows, Linux, and macOS security architectures
• Experience creating runbooks, playbooks, and operational documentation
• Experience in building meaningful reports and dashboards
• 2-5 years in information security, cloud security, SOC operations, or similar technical role
• Hands-on experience deploying and supporting Microsoft and third-party security solutions. Demonstrated experience with security monitoring, incident response, or digital forensics
• Track record of creating or improving security documentation and procedures

Desirable skills and qualifications:

• DevSecOps practices and Infrastructure as Code (Terraform, ARM templates)
• Python or similar for automation and low-code/no-code playbook creation
• Knowledge of threat intelligence platforms and threat hunting methodologies
• Familiarity with regulatory compliance requirements (HIPAA, PCI-DSS, SOC 2)
• Project management and mentoring capabilities
• A degree in Computer Science, Information Technology or a related field
• Microsoft: MS-500, AZ-500, SC-200, SC-100
• Industry: Security+, CISSP, CySA+, GSEC, CCSK
• Platform-specific: Splunk Certified Cybersecurity Defense Analyst, CrowdStrike Certified Falcon Administrator.

Benefits:

• Two salary reviews in the first year
• Annual loyalty bonus
• 25 days paid annual leave