
Senior Security Operations Analyst

Zscaler Softech
Location: Pune | Salary: 3-13 LPA | Posted 18 Jun 2025
Full time
Skills: SIEM, Incident Response, Threat Hunting, Cloud Security

Job Description

  • Manage the day-to-day operations of Microsoft Sentinel, including rule creation, log ingestion, data analytics, and alert triaging
  • Develop and tune detection rules, use cases, and analytics within Sentinel to improve threat visibility and detection capabilities
  • Leverage Wiz Defend to detect and respond to runtime threats across cloud workloads and Kubernetes environments in real-time
  • Continuously monitor and investigate alerts generated by Wiz Defend to enhance threat detection, triage, and incident response capabilities
  • Perform proactive threat hunting to identify and mitigate advanced threats
  • Conduct in-depth incident investigations and coordinate response efforts to ensure swift remediation
  • Collaborate with internal stakeholders and the Threat Intelligence team to identify and mitigate potential security threats
  • Generate reports and dashboards to communicate SOC performance metrics and security posture to leadership
  • Continuously improve SOC processes and playbooks to streamline operations and response efforts
  • Mentor junior SOC analysts and provide guidance on security best practices
  • This role requires participation in a rotational shift
  • Flexibility and availability to respond to urgent incidents outside of assigned shifts, as needed


What you'll bring:

  • Strong analytical and problem-solving abilities
  • Excellent communication and interpersonal skills to effectively collaborate with cross-functional teams
  • Proven ability to remain calm and efficient in a high-pressure environment
  • Proficient in using SIEM tools, such as Microsoft Sentinel
  • Experience with data migration strategies across SIEM platforms
  • Experience with cloud security operations and incident response platforms such as Wiz
  • In-depth understanding of cyber threats, vulnerabilities, and attack vectors
  • Proficient in creating KQL queries and custom alerts within Microsoft Sentinel
  • Expertise in developing SIEM use cases and detection rules
  • Skilled in incident response and management procedures
  • Experienced in conducting deep-dive investigations and root cause analysis for incidents
  • Adept at collaborating with stakeholders to resolve complex cybersecurity challenges
  • Ability to automate routine SOC processes to enhance operational efficiency
  • Experienced in mentoring and guiding junior analysts in security operations
  • Knowledge of major cloud platforms (AWS, Azure, GCP), including their security models, IAM roles, virtual private cloud (VPC) configurations, and cloud-native security tools


Good to have skills and abilities:

  • Excellent interpersonal (self-motivational, organizational, personal project management) skills
  • Knowledge of vulnerability management and scanning best practices, such as the CVE database and CVSS
  • Ability to analyze cyber threats to develop actionable intelligence
  • Skill in using data visualization tools to convey complex security information


Academic Qualifications:

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience)
  • 4+ years of experience in a Security Operations Center (SOC) environment, with a focus on SIEM management
  • Strong hands-on experience with Microsoft Sentinel, including data connectors, KQL queries, analytics rules, and workbooks
  • Experience with SIEM migration
  • Expertise in incident response, threat detection, and security monitoring
  • Solid understanding of Windows, Linux, and cloud security concepts
  • Relevant certifications (e.g., CompTIA Security+, Microsoft Certified: Security Operations Analyst, GCIA, GCIH, OSDA, GCFA) are preferred
  • Preferred Security Cloud Certifications: AWS Security Specialty