Cybersecurity Operations Analyst II

About The Position

Requirements

• 3–5 years of cybersecurity experience, with at least 1 year in a SOC, IR, or detection-focused role.
• Strong knowledge of attacker TTPs, MITRE ATT&CK, and Zero Trust principles.
• Hands-on experience with Microsoft 365 E5 security stack.
• Familiarity with CMMC 2.0, NIST 800-171, and FedRAMP security controls.
• Experience conducting or responding to vulnerability scans and remediation workflows.
• Security+ or SC-900 certification
• Must be a U.S. citizen eligible for ITAR-compliant work.

Nice To Haves

• Certified Ethical Hacker (CEH)
• Microsoft SC-100, SC-200, SC-300, or SC-400 certifications
• Microsoft AZ-500

Responsibilities

• Lead investigations of escalated alerts across the following: Defender for Endpoint Defender for Office 365 Defender for Cloud Apps (MCAS) Defender for Identity (formerly ATA) Microsoft Defender XDR
• Correlate log and alert data to detect lateral movement, privilege escalation, anomalous behavior, and advanced persistent threats using Microsoft Defender data and investigative tools from external SOC vendors.
• Conduct live incident response across customer tenants (containment, eradication, recovery) in accordance with CMMC 2.0 and NIST 800-171 incident response standards.
• Coordinate post-incident documentation including RCA, timeline analysis, and recommendations.
• Assist senior analysts during active incidents by collecting logs, screenshots, and device/user activity history.
• Document timelines, observations, and artifacts to support root cause analysis and reporting.
• Conduct follow-up on low-risk alerts and phishing investigations (possibly with supervised guidance).
• Document findings and updates in the SOC ticketing system with accuracy and clarity.
• Respond to basic client inquiries related to user behavior, alert definitions, or mitigation steps under supervision.
• Follow documented workflows to support CMMC 2.0 incident response requirements, including reporting timelines and evidence handling.
• Conduct proactive threat hunting using KQL queries in Microsoft Sentinel and hunting dashboards in Defender XDR.
• Assist with tuning analytics rules and alert thresholds and reducing false positives in detection logic.
• Work with external SOC services to tune rules and alert thresholds.
• Identify opportunities for new detections based on threat intelligence and customer risk profiles.
• Support configuration and optimization of Microsoft Sentinel data connectors, workbooks, automation rules, and response playbooks.
• Monitor log ingestion and telemetry gaps from M365 Defender products, Entra ID, and endpoint clients.
• Maintain detection signatures and IOCs provided by Microsoft, ISACs, or third-party feeds.
• Manage operating system and third-party software patching cycles for customer environments.
• Prioritize and manage vulnerability remediation in coordination with infrastructure teams and customer needs.
• Perform vulnerability scans using Qualys, Tenable.io, or Nessus across hybrid and cloud environments.
• Analyze, prioritize, and track vulnerabilities by CVSS score, exploitability, and exposure relevance to customer mission.
• Collaborate with customer IT and endpoint teams to validate and remediate critical vulnerabilities in operating systems, applications, and Microsoft 365 services.
• Report on vulnerability trends and threat exposure as part of recurring customer security reviews.
• Participate in high-touch incident communications and brief customers on security events, containment actions, and risk.
• Generate clear, actionable incident summaries and vulnerability reports tailored for both technical and executive audiences.
• Assist with compliance evidence collection during audits or IR tabletop exercises.
• Lead or assist in conducting security awareness training campaigns and tabletop exercises for customers.
• Assist in gathering and assembling audit evidence to support compliance assessments.