Principal Security Analyst - Microsoft Sentinel /Chronicle

About the Role:

Responsibilities:

• Own security outcomes for assigned customers, ensuring high-quality SOC deliverables and alignment with client expectations.
• Lead customer-facing calls to discuss incident investigations, provide strategic guidance, and offer recommendations for improving security posture.
• Perform advanced threat hunting and proactive investigations to detect, isolate, and mitigate malicious activities in customer environments.
• Act as a technical lead within the SOC, providing mentorship, guidance, and leadership to other Security Analysts.
• Oversee real-time monitoring and detection activities using SIEM, EDR, and other security tools, ensuring timely identification and escalation of threats.
• Collaborate with internal teams, such as Detection Engineering, to refine detection rules and enhance automation workflows to close gaps in customer security posture.
• Maintain and update security operations processes and incident response playbooks to ensure they remain current and effective.
• Provide training to Security Analysts on tools, processes, and emerging threats to enhance team capabilities.
• Lead post-incident reviews, identifying lessons learned, and sharing findings to improve operational effectiveness.
• Tailor detection and response strategies to meet the unique needs of individual customer environments.
• Stay informed of the evolving threat landscape to provide actionable insights and ensure a proactive approach to security

Requirements:

• Experience: Minimum 5+ years of professional experience in cybersecurity, with a strong background in security operations.
• Security Information and Event Management (SIEM): Must have advanced knowledge and experience with SIEM platform, such as Microsoft Sentinel and / OR Google SecOps (Chronicle)
• Must have strong experience reading and writing YARA and / OR KQL
• System Administration Knowledge/Experience: Expertise securing and investigating security incidents on Windows, Unix/Linux, and MacOS environments.
• Networking Proficiency: Advanced understanding of networking concepts, including the ability to analyze network artifacts and logs effectively.
• Endpoint Detection and Response (EDR): Hands-on experience with EDR tools such as SentinelOne, CrowdStrike, Microsoft Defender, or equivalent platforms is preferred .
• Technical Skills: Proficient in threat hunting, malware analysis, and leveraging security tools to investigate and mitigate threats.
• Communication: Strong written and verbal communication skills, with the ability to create and present reports, dashboards, and strategic recommendations.
• Certifications (Preferred): Industry-recognized certifications such as CISSP, GIAC, GCIH, GCFA, OSCP, or equivalent .