Alert monitoring and triage: Monitor security alerts from Defender, Intune, Entra ID, and SIEM under supervision. Acknowledge alerts, perform initial classification, and follow documented SLAs for routing/assignment.
Execute runbook-driven triage steps such as log collection, user contact, and simple containment checks; identify obvious false positives vs. potential true positives and escalate unclear cases.
Investigation and response: Use Defender portals, SIEM queries, and activity logs to gather evidence as directed by more senior analysts. Execute low-risk containment actions (e.g., password reset, session sign-out) with approval and runbook guidance. Escalate incidents promptly based on clear criteria to SOC Analysts, Senior SOC Analysts, NOC, or engineering.
Runbooks, ticketing, and communication: Follow SOC runbooks precisely and flag gaps or confusing steps for review. Maintain accurate, complete ticket notes reflecting actions taken and status; use standard templates for internal updates.
Collaboration and support: Work closely with SOC engineers to distinguish infrastructure vs. security issues and drive joint resolutions. Create and maintain tickets from vulnerability/exposure findings (e.g., Cavelo, Defender TVM) and track remediation with stakeholder teams. Provide incident and alert context to support client-facing security posture and risk reviews. Participate in shift handoffs and SOC ceremonies; engage in ongoing training on new threats, tools, and SOC procedures.
Requirements
~1–2 years of IT or operations experience (NOC, helpdesk, junior SOC, or similar)
Some exposure to security alerts and tools is strongly preferred, but deep expertise is not required.
Professional proficiency in written and spoken English, including the ability to produce clear ticket notes, follow handoff standards, and communicate professionally with internal teams and clients
Familiarity with Microsoft 365/Azure (Exchange Online, SharePoint/OneDrive, Intune, Azure AD/Entra ID).
Basic familiarity with Microsoft Defender and at least one SIEM from prior roles or training.
Understanding of fundamentals: auth/access control (MFA, conditional access), Windows endpoint/server security, and basic network security (VPN, DNS, DHCP, firewalls).
Ability to read and interpret security alerts, logs, and correlated events, and to escalate when uncertain.
Ability to communicate clearly with both technical and non-technical stakeholders, including clients.
Ability to document incidents, runbooks, and processes in a clear, structured way.
Demonstrated passion for security, strong ownership mindset, follow-through, and data-driven decision-making.
Experience in a Managed Services Provider (MSP) or multi-tenant environment (desirable).
Familiarity with Cavelo or other data discovery/exposure platforms (desirable).
Experience with vulnerability management tools and frameworks (e.g., CIS, NIST) (desirable).
Security-related certifications such as Security+, AZ-500, SC-200, or equivalent (desirable).
Experience supporting clients in the financial services or alternative investment industry (desirable).