United States onlyQualifications:
- Active Public Trust clearance
- B.S. Computer Science, Information Technology, or a related field
- 7+ years of experience in cybersecurity operations, threat hunting, or incident response
- Strong experience with Microsoft Sentinel and Kusto Query Language (KQL)
- Hands-on experience with Microsoft Defender XDR (Endpoint, Identity)
- Experience analyzing logs across cloud (AWS), network, and endpoint environments
- Strong knowledge of MITRE ATT&CK framework and adversary techniques
- Experience with digital forensics and malware analysis
- Ability to conduct root cause analysis and develop remediation strategies
- Experience working in 24x7 SOC environments
- Preferred certifications include but are not limited to
- GCIA, GCIH, CISSP, CEH, or equivalent cybersecurity certifications
- Microsoft Sentinel or Microsoft security platform certifications
- Relevant cloud security certifications (e.g., AWS security)
- Privacy certifications (e.g., CIPP/US, CIPM) where applicable
Duties:
- Conduct proactive threat hunting across identity, endpoint, network, and cloud telemetry
- Lead advanced incident investigations including root cause analysis and forensic analysis
- Develop and tune detection logic and analytics within Microsoft Sentinel (KQL)
- Perform correlation of multi-source telemetry aligned to MITRE ATT&CK framework
- Analyze logs from Microsoft Defender (Endpoint, Identity), AWS, firewalls, VPNs, and other sources
- Support incident containment, eradication, and recovery activities
- Develop and improve threat hunting hypotheses based on intelligence and trends
- Validate and refine detection use cases and monitoring capabilities
- Support red team / purple team exercises and adversary emulation
- Produce detailed incident reports, including timelines and remediation recommendations
- Identify security gaps and recommend mitigation strategies
- Collaborate with Tier 1 and Tier 2 analysts to improve triage and escalation processes
