- Security Operations Center (SOC) Analyst (Microsoft Defender/Sentinel)
Objective: Augment the SOC to improve real-time monitoring, triage, and response for Microsoft Defender XDR and Sentinel.
Reports to: Security Operations Lead (works closely with Incident Response)
Key Responsibilities:
- Monitor Defender XDR and Sentinel for alerts, anomalies, and emerging IOCs; tune rules & analytics (KQL).
- Perform triage, enrichment, and initial response; escalate per playbooks.
- Develop/improve detections, watchlists, UEBA policies, and automated response (Logic Apps).
- Produce daily/weekly threat intel and incident summaries; recommend control improvements.
- Mentor internal analysts; contribute to playbooks and KPIs.
Deliverables:
- Tuned detections and analytics rules with before/after noise reduction metrics.
- Updated incident response playbooks (Defender/Sentinel).
- Weekly operations report (alerts handled, MTTA/MTTR, notable events, gaps).
- Knowledge transfer sessions for SOC staff.
Required Qualifications:
- 3–5+ years SOC experience with Microsoft Defender XDR and Sentinel.
- KQL proficiency; experience building detections, hunting queries, and automation.
- Familiarity with the incident response lifecycle, MITRE ATT&CK, and Windows/Active Directory telemetry.
Job Type: Contract
Pay: $50.00 - $100.00 per hour
Work Location: In person