L3 SOC Analyst / Incident Response Analyst

Tasks

• Administer Microsoft Defender XDR
• Administer Microsoft Defender for Cloud Apps
• Administer Microsoft Defender for Endpoint
• Administer Microsoft Defender for Identity
• Administer Microsoft Defender for Office 365
• Administer Microsoft Entra ID
• Administer Microsoft Purview
• Analyze IOC and correlate threats
• Analyze cloud security incidents
• Automate alert enrichment and incident routing
• Automate containment actions
• Build reusable detection content and query libraries
• Conduct proactive threat hunting
• Conduct threat triage and validation
• Coordinate containment remediation and recovery
• Create Sentinel playbooks
• Design develop and maintain Microsoft Sentinel detection rules
• Develop KQL analytics and correlation logic
• Develop Logic Apps integrations
• Enrich investigations with threat intelligence
• Implement SOC automation workflows
• Integrate SOAR workflows
• Investigate email security incidents
• Investigate endpoint and identity incidents
• Lead incident response
• Maintain investigation playbooks and runbooks
• Map detections to MITRE ATTACK
• Operate Microsoft Sentinel SIEM
• Operate and tune Microsoft security platforms
• Optimize SOC automation frameworks
• Perform advanced threat investigation
• Perform digital forensics and evidence collection
• Perform root cause analysis
• Produce investigation findings timelines and impact assessments
• Support high severity incident escalation
• Synchronize tickets with ticketing systems
• Tune detections and reduce false positives
• Use API integrations for automation
• Use Graph API for integrations

Perks/Benefits

• N/A

Skills/Tech-stack

API Integration | Analytics rules | Behavioral Baselining | Cause analysis | Cloud Security | Cloud apps | Correlation logic | Defender XDR | Defender for Cloud Apps | Defender for Endpoint | Defender for Identity | Defender for Office 365 | Detection and Response | Detection engineering | Email Security | Endpoint Detection and Response | Endpoint detection | Entra ID | Graph API | Identity Protection | Incident Response | KQL | Logic Apps | Microsoft Defender | Microsoft Defender XDR | Microsoft Defender for Cloud | Microsoft Defender for Cloud Apps | Microsoft Defender for Endpoint | Microsoft Defender for Identity | Microsoft Defender for Office | Microsoft Defender for Office 365 | Microsoft Entra | Microsoft Entra ID | Microsoft Identity | Microsoft Identity Protection | Microsoft Purview | Microsoft Sentinel | Mitre Attack | Office 365 | Playbooks | Root Cause Analysis | Root cause | SIEM operations | SOAR engineering | SOC automation | Threat Intelligence | Threat Investigation | Threat hunting | Ticketing systems