Job VC
Senior SOC Analyst with Microsoft Security Stack
Project overview
This project focuses on building and enhancing a mature cyber defense capability that combines advanced incident response with security engineering and automation. The goal is to improve detection accuracy, accelerate response times, and strengthen protection across cloud and on premise systems.
Position overview
This role serves as the last escalation point for Incident Management & Incident Response within the SOC team. The engineer is engaged when L2 analysts face technically complex incidents — including malware analysis, digital forensics, high-impact events, and incidents with significant business or client exposure. In addition to L3 analytical work, the role covers engineering responsibilities: SIEM fine-tuning, SOAR automation, data source onboarding, and quality control of incident tickets. The engineer also mentors junior analysts and drives team knowledge-sharing.
Responsibilities
Act as the final escalation point for complex security incidents and lead end to end investigations
Perform malware triage and behavioral analysis using both static and dynamic techniques
Conduct digital forensics activities including evidence collection, artifact analysis, and timeline reconstruction
Develop and tune detection rules in Microsoft Sentinel and improve analytics and correlation logic
Write and optimize KQL queries to enhance detection quality and reduce false positives
Configure and maintain data connectors, parsers, and normalization pipelines
Design and improve SOAR playbooks to automate triage and response workflows
Work with FortiAnalyzer to manage log collection, correlation rules, and alerting pipelines
Collaborate with international teams to ensure consistent security monitoring practices
Review incident tickets and ensure quality and completeness of investigations
Mentor L1 and L2 analysts and contribute to knowledge sharing initiatives
Break down engineering tasks and support junior team members in their execution
Requirements
3 to 5 years of experience in a SOC environment at L2 or Security Engineer level
Experience acting as an escalation point for incident response and managing complex investigations end to end
Hands on experience with malware analysis including identification of indicators of compromise and behavior analysis
Experience with digital forensics fundamentals including evidence handling and timeline reconstruction
Practical experience with Microsoft Sentinel including rule creation, tuning, and data onboarding
Strong KQL skills with the ability to build and optimize analytical queries
Experience with Microsoft Defender XDR products and advanced hunting capabilities
Familiarity with Microsoft Azure security services including Entra ID and monitoring tools
Experience working with AWS security services such as CloudTrail, GuardDuty, and Security Hub
Experience with Fortinet FortiAnalyzer for log management and correlation
Understanding of networking, operating systems, and enterprise security principles
Experience with SOAR platforms and automation of incident response workflows
Experience mentoring team members and supporting knowledge development
Nice to have
Experience with AI driven SOC workflows and automation using language models
Familiarity with Microsoft Copilot Studio or low code automation tools such as Logic Apps
Experience integrating threat intelligence platforms and enrichment pipelines into SOC processes