What are the responsibilities and job description for the Lead Security Analyst position at PTR Global?
Only W2.
No need for Security Engineers, only Analysts.
Lead experience needed, since it's a Level 3.
Job Summary:
The Senior Security Analyst is responsible for monitoring, analyzing, and responding to security threats across a comprehensive security infrastructure. This includes utilizing tools such as Microsoft Sentinel, Defender for Endpoint, Defender for Identity, Defender for Cloud, and Azure Security Center. This role involves leveraging the Unified Security Platform to ensure the protection of the organization's information systems and data.
Key Responsibilities:
- Proactively monitor security events and alerts across the Microsoft Unified Security Platform and conduct investigation, containment, and remediation of complex security incidents, including providing root cause analysis and delivering detailed incident reports with remediation recommendations.
- Use Kusto Query Language (KQL) to run regular queries for detecting patterns and anomalies.
- Utilize analytics to identify unusual behaviour and potential threats, including user and entity behaviour analytics (UEBA) using Sentinel.
- Correlate alerts from different sources to identify multi-stage attacks.
- Regularly review and optimize threat hunting processes to identify and address hidden risks.
- Leverage data sources such as network, endpoint, and cloud activity logs in Sentinel to create workbooks and dashboards for real-time monitoring. Additionally, automate responses to alerts using playbooks.
- Conduct in-depth log analysis and enrichment to improve event visibility and detection.
- Perform real-time threat hunting using MITRE ATT&CK tactics and techniques.
- Monitor the effectiveness of endpoint protection policies within Microsoft Defender for Endpoint.
- Analyze alerts for false positives / negatives and improve detection accuracy by tuning detection logic.
- Conduct periodic reviews of user activity and behavioural analytics to detect insider threats or compromised accounts.
- Stay updated on emerging threats and vulnerabilities, applying intelligence to enhance detection capabilities.
- Coordinate with internal and external stakeholders to handle critical incidents effectively.
- Utilize Microsoft Sentinel's threat intelligence feeds for real-time detection of emerging threats.
- Mentor and train junior SOC analysts on Microsoft security tools, techniques, and best practices.
- Lead threat simulation exercises and red team / blue team drills to assess SOC readiness.
- Assist in creating and updating SOC documentation, including detection rules, runbooks, and workflows.
- Create and manage incident response playbooks using Logic Apps for automated actions.
- Provide recommendations for maturing SOC capabilities, leveraging Microsoft solutions.
Qualifications and Skills:
Technical Skills:
Soft Skills:
Professional Experience:
Certifications (Preferred):
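The responsibilities above call for KQL queries that detect anomalies and for correlating alerts from different sources to surface multi-stage attacks. The following Sentinel analytics query is an added example written for this page; it is not part of the PTR Global posting and not a query the company ships. It assumes the standard Sentinel `SigninLogs` table (Entra ID sign-ins, where `ResultType == "0"` is a success) and the `DeviceProcessEvents` table ingested from Defender for Endpoint via the Defender XDR connector; the `failThreshold`, `followWindow`, and `discoveryCmds` values are assumed tuning inputs that need adjusting per tenant.

```kql
// Added example, not from the original posting: correlate an identity signal
// (many failed sign-ins for one account from one IP, ending in a success;
// ATT&CK T1110 Brute Force) with an endpoint signal (host discovery commands
// run by that same account within an hour; T1087 / T1016 Discovery).
// Either stage alone is noisy; the join is what makes it a credible chain.
let lookback      = 24h;
let failThreshold = 10;   // assumed starting value; tune against baseline volume
let followWindow  = 1h;   // assumed window between the success and the first command
// Assumed list of discovery binaries; extend with the tenant's own hunting set.
let discoveryCmds = dynamic(["whoami.exe", "net.exe", "nltest.exe",
                             "ipconfig.exe", "systeminfo.exe"]);
// Stage 1: per account and source IP, count failures and locate the first success.
let sprayThenSuccess =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | extend UserPrincipalName = tolower(UserPrincipalName)
    | summarize
        Failures     = countif(ResultType != "0"),
        Successes    = countif(ResultType == "0"),
        FirstSuccess = minif(TimeGenerated, ResultType == "0")
      by UserPrincipalName, IPAddress
    | where Failures >= failThreshold and Successes > 0;
// Stage 2: discovery commands by the same account, joined on the UPN that
// Defender for Endpoint records in AccountUpn.
DeviceProcessEvents
| where TimeGenerated > ago(lookback)
| where FileName in~ (discoveryCmds)
| extend UserPrincipalName = tolower(AccountUpn)
| join kind=inner sprayThenSuccess on UserPrincipalName
// Keep only commands that ran shortly after the successful sign-in.
| where TimeGenerated between (FirstSuccess .. (FirstSuccess + followWindow))
| summarize
    Commands    = make_set(ProcessCommandLine, 20),
    FirstCmd    = min(TimeGenerated),
    DeviceCount = dcount(DeviceName)
  by UserPrincipalName, IPAddress, FirstSuccess, Failures
// Tag the result so the rule maps cleanly onto ATT&CK in the incident view.
| extend Tactics    = "CredentialAccess, Discovery",
         Techniques = dynamic(["T1110", "T1087", "T1016"])
| project FirstSuccess, UserPrincipalName, IPAddress, Failures,
          FirstCmd, DeviceCount, Commands, Tactics, Techniques
```

Two tuning caveats a practitioner would apply before scheduling this as an analytics rule: `SigninLogs` records interrupted sign-ins (MFA prompts, conditional-access reauthentication) with non-zero `ResultType` values, so exclude those codes from the failure count or the threshold will trip on legitimate users; and a password spray that succeeds will usually hit many accounts from one IP, so a companion query grouping by `IPAddress` alone (many distinct `UserPrincipalName` values, few successes) catches the pattern earlier than this per-account join.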