Monitor security alerts and incidents in Microsoft Sentinel, Defender XDR, and Defender for Cloud
Triage incoming alerts to determine severity, impact, and required response actions
Differentiate between false positives, benign activity, and actionable threats using established playbooks
Perform continuous monitoring of cloud, identity, endpoint, and network telemetry
Investigate suspicious activity across Azure, Entra ID, Microsoft Defender XDR, and integrated data sources
Correlate logs, events, and indicators to establish timelines and determine root cause
Escalate confirmed or high-risk incidents to senior analysts or incident response teams
Execute or recommend containment actions in accordance with defined procedures
Utilize Kusto Query Language (KQL) and Log Analytics to analyze security data
Correlate events across identity, endpoint, network, and cloud workloads
Identify trends, anomalies, and patterns indicative of malicious activity
Create and maintain detailed, audit-defensible investigation notes and case records
Document all triage decisions, escalation rationale, and response actions
Produce incident summaries and reporting for internal stakeholders and clients

This is a contractor position in the United States with the ability to work from home but may require travel to a client site.
Atmosera is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.

Information Security Analyst

Key skills