SOC Analyst (Onsite)

• Proactively monitor Microsoft Sentinel for potential security incidents and anomalies
• Analyze, validate, and respond to detected security incidents in a timely manner
• Escalate incidents as necessary and provide expert guidance on mitigation strategies
• Develop, refine, and optimize KQL queries for enhanced detection and insights
• Train junior analysts on KQL best practices and its application in Microsoft Sentinel
• Document incidents, actions taken, and lessons learned to support continuous improvement
• Generate reports for management detailing incident trends, stats, and recommendations
• Configure and integrate Microsoft Sentinel with other tools and platforms to enhance visibility and detection capabilities
• Maintain and optimize Microsoft Sentinel connectors, playbooks, and automations
• Stay current with emerging threats, tactics, and vulnerabilities that could impact the organization
• Regularly review and update alerting criteria and playbooks based on evolving threats and business needs
• Participate in tabletop exercises and red/blue team simulations to enhance response capabilities

• Must be able to work on a W-2
• 3 years of experience as a SOC analyst
• 2 years of hands-on experience with Microsoft Sentinel
• Proficient in Kusto Query Language (KQL)
• Familiarity with Microsoft Sentinel's architecture, functionalities, and integration capabilities
• Understanding of threat intelligence platforms and their integration with Microsoft Sentinel

• Microsoft Security Operations Analyst certification

Last updated on Nov 7, 2023