Monitor and triage alerts across various security tools.
Validate alert severity, business impact, affected assets, containment status, and escalation requirements.
Coordinate security events from initial triage through containment, documentation, closure, and post-incident follow-up.
Support daily dashboard review, security ticket queues, alert quality checks, and operational reporting.
Develop, tune, and maintain detection logic in security tools.
Reduce false positives and alert noise by reviewing recurring detections.
Assist with incident response for endpoint, identity, cloud, email, and suspicious activity events.
Support security operations across various Microsoft security tools.
Create and maintain security runbooks and knowledge base articles.
Requirements
3–5 years of experience in SOC operations, security operations, production support, security engineering, or a similar hands-on cybersecurity role.
Experience with Microsoft security tools such as Microsoft Defender, Microsoft Sentinel, Microsoft Entra ID, Microsoft 365 security, or Azure security services.
Ability to investigate alerts using SIEM/EDR data, KQL, logs, endpoint telemetry, identity logs, and cloud signals.
Experience with incident triage, phishing investigations, malware alerts, suspicious sign-ins, endpoint events, and escalation workflows.
Basic understanding of cloud security, identity security, MFA, SSO, conditional access, endpoint protection, and vulnerability/cloud exposure management.
Ability to write clear documentation, incident notes, runbooks, ticket updates, and executive-ready summaries.
Comfortable working in a small team where priorities change and where the role may need to support operations, engineering, documentation, and coordination.
Strong communication skills and the ability to work across Slack, Jira, Teams, and security tools, and with managed SOC providers, engineers, and business stakeholders.