Job Description

What you'll do:
- Monitor Microsoft Sentinel for security alerts and events on a 24x7 basis
- Perform initial triage and analysis of security events, including prioritization and escalation based on defined incident response procedures
- Identify potential security incidents and false positives, and provide recommendations for mitigation or escalation to L2 SOC analysts
- Leverage KQL queries for investigations
- Document incidents, investigation results, and actions taken in the ticketing system
- Follow established SOC processes and playbooks for effective incident response
- Support continuous improvement by identifying gaps in monitoring and detection
- Monitor other security tools, such as EDR (CrowdStrike) and AWS security alerts, for level 1 analysis based on the defined playbooks
- Be flexible in following updated playbooks as the security landscape changes
- Candidates must be flexible and willing to work varying 24x7 shifts to ensure consistent coverage
What you’ll bring:
- Strong analytical and problem-solving abilities
- Excellent communication and interpersonal skills to collaborate effectively with cross-functional teams
- Proven ability to remain calm and efficient in a high-pressure environment
- Proficient in using SIEM tools such as Microsoft Sentinel
- Experience in cloud security operations and incident response platforms such as Wiz
- In-depth understanding of cyber threats, vulnerabilities, and attack vectors
- Knowledge of creating KQL queries and custom alerts within Microsoft Sentinel
- Exposure to incident response and management procedures
- Experienced in conducting L1 investigations and root cause analysis for incidents
- Adept at collaborating with stakeholders to resolve complex cybersecurity challenges
- Knowledge of major cloud platforms (AWS, Azure, GCP), including their security models, IAM roles, virtual private cloud (VPC) configurations, and cloud-native security tools
Good to have skills and abilities:
- Excellent interpersonal skills (self-motivation, organization, personal project management)
- Knowledge of vulnerability management and scanning best practices, such as the CVE database and the CVSS scoring system
- Ability to analyze cyber threats to develop actionable intelligence
- Flexibility to adapt to changing priorities and shifts
Academic Qualifications:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience)
- 2+ years of experience in a Security Operations Center (SOC) environment, with a focus on SIEM management
- Hands-on experience with Microsoft Sentinel, including data connectors, KQL queries, analytics rules, and workbooks
- Exposure to incident response, threat detection, and security monitoring
- Solid understanding of Windows, Linux, and cloud security concepts
- Relevant certifications (e.g., CompTIA Security+, Microsoft Certified: Security Operations Analyst, GCIA, GCIH, OSDA, GCFA) are preferred
- Preferred cloud security certification: AWS Security Specialty