Cyber Automation

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field.
• 3+ years of experience in cybersecurity or SOC operations.
• 1+ years working with Microsoft Sentinel, Defender for Cloud, and Defender for Endpoint.
• Experience in Azure Government and Microsoft 365 GCC-High environments.
• Practical experience in log analysis, incident response, and SIEM management.
• Familiarity with compliance frameworks including CMMC Level 2, NIST SP 800-171, and FedRAMP High.
• Proficiency with KQL (Kusto Query Language) and Sentinel analytics.
• Strong understanding of network security, endpoint protection, and cloud security monitoring.
• Experience integrating alerts and workflows into ServiceNow or similar ITSM tools.
• Knowledge of Active Directory, Entra ID (Azure AD), and conditional access policies.
• Excellent analytical, investigative, and communication skills; strong documentation discipline and attention to detail.
• U.S. Citizenship required (for access to GCC-High and Azure Government environments).

Nice To Haves

• Microsoft Certified: Cybersecurity Architect Expert or Azure Administrator Associate.
• Security+ (CompTIA), Microsoft Certified: Security Operations Analyst Associate, or equivalent.
• GIAC (GCIH, GCIA) or CISSP certification.
• Experience working with Defender for Identity, Purview, and Conditional Access policy design.
• Background in automation (Logic Apps, Power Automate, or PowerShell).
• Prior SOC experience supporting Federal or Defense Industrial Base (DIB) clients.
• Familiarity with incident ticket workflows, evidence collection, and reporting for CMMC Level 2 audits.

Responsibilities

• Monitor alerts and security events generated from Microsoft Sentinel, Defender for Cloud, Defender for Endpoint, Defender for Identity, and other SOC tools.
• Perform initial triage, correlation, and investigation of security incidents to determine severity and impact.
• Escalate confirmed incidents and support containment, eradication, and recovery actions.
• Document incident response steps, root-cause analysis, and lessons learned.
• Maintain 24x7 situational awareness coverage through rotating on-call or shift responsibilities as required.
• Conduct proactive threat hunting using Sentinel analytics, KQL queries, and custom detection rules.
• Analyze logs and telemetry from endpoints, firewalls, Azure resources, and AVD hosts for anomalous activity.
• Identify potential indicators of compromise (IOCs) and emerging threats within the Azure Government and M365 GCC-High ecosystems.
• Recommend tuning improvements to detections and correlation rules to reduce false positives.
• Support regular vulnerability scans, review results, and track remediation activities.
• Collaborate with infrastructure and Intune teams to validate patch compliance across AVD and Windows 365 assets.
• Monitor Defender Vulnerability Management dashboards and report high-risk exposures to leadership.
• Assist in maintaining asset inventories, vulnerability baselines, and patch metrics.
• Support ongoing CMMC Level 2 and NIST SP 800-171 compliance efforts through control monitoring, evidence collection, and reporting.
• Maintain and update security-related documentation, including incident response plans, SIEM configurations, and POA&M items.
• Provide input to the System Security Plan (SSP) on monitoring and incident response controls.
• Participate in internal audits, tabletop exercises, and compliance reviews to ensure readiness.
• Administer SOC and security tools such as Microsoft Sentinel, Defender for Cloud, and Defender for Endpoint.
• Develop custom Sentinel workbooks, dashboards, and KQL queries for enhanced visibility.
• Integrate alerts with ServiceNow for incident and change management workflows.
• Support automation initiatives using Logic Apps, Playbooks, or PowerShell to streamline incident response.
• Produce daily and weekly SOC summaries, incident metrics, and trend analyses.
• Deliver executive-level reports summarizing threat activity, vulnerabilities, and remediation progress.
• Recommend improvements to SOC processes, escalation procedures, and documentation standards.
• Stay current on evolving threats, tools, and Microsoft security technologies applicable to Azure Government environments.

Benefits

• Vacation: 12-25 days, depending on grade
• Company paid holidays
• Personal Days
• Sick Leave
• Medical, dental, and vision coverage
• Retirement savings plans (e.g., 401(k) in the U.S., RRSP in Canada)
• Life and disability insurance
• Employee assistance programs