Cybersecurity Operations Analyst I

Summary:

The Cybersecurity Operations Analyst I (COA 1) is responsible for the initial triage and monitoring of security events working exclusively in Microsoft 365 E5 environments and helping to enforce CMMC 2.0 requirements. COA 1 will work alongside senior analysts and engineers to identify suspicious activity validate alerts and support incident response workflows.

Role and Responsibilities:

Monitoring and triage

• Monitor alerts and notifications from Microsoft 365 Defender suite:
• Defender for Endpoint
• Defender for Office 365
• Defender for Cloud Apps (MCAS)
• Defender for Identity (formerly ATA)
• Microsoft Defender XDR
• Monitor for alerts from other alerting sources (such as external or outsourced Security Operations Center).
• Perform initial triage of security alerts determine false positives and escalate true positives based on playbook criteria.
• Review and classify incidents in Microsoft Sentinel or third-party SIEM tools according to severity and SLA guidelines.
• Manage security operations tasks and assignments in ticketing system.

Incident handling and response support

• Assist senior analysts during active incidents by collecting logs screenshots and device/user activity history.
• Document timelines observations and artifacts to support root cause analysis and reporting.
• Conduct follow-up on low-risk alerts and phishing investigations (possibly with supervised guidance).

Customer interaction and ticket management

• Document findings and updates in the SOC ticketing system with accuracy and clarity.
• Respond to basic client inquiries related to user behavior alert definitions or mitigation steps under supervision.
• Follow documented workflows to support CMMC 2.0 incident response requirements including reporting timelines and evidence handling.

Platform maintenance and log health

• Review and report on log ingestion health from Defender Entra ID and endpoint agents across customer tenants as required.
• Assist in onboarding new clients to SOC monitoring tools and validating telemetry and log collection flows.
• Identify noisy or misconfigured alert rules and report recommendations to senior analysts.
• Assist in gathering and assembling audit evidence to support compliance assessments.

Vulnerability and patch management

• Manage operating system and third-party software patching cycles for customer environments.
• Prioritize and manage vulnerability remediation in coordination with infrastructure teams and customer needs.
• Leverage Microsoft Defender Vulnerability Management (MDVM) and MDE APIs for continuous hygiene improvement.

Qualifications:

12 years of experience in IT support help desk cybersecurity or SOC environment (or relevant degree with internship/entry-level experience).

Familiarity with Windows event logs Microsoft 365 audit logs and endpoint activity.

Basic understanding of cybersecurity concepts attack vectors and threat modeling.

Comfortable with Microsoft 365 environments and cloud-native tooling.

Strong written communication skills for documentation and customer updates.

Security or SC-900 certification

Must be a U.S. citizen eligible for ITAR-compliant work.

Preferred Skills:

Exposure to Microsoft Defender XDR

Microsoft SC-100 or SC-200 certification

Understanding of CMMC and NIST 800-171 requirements

Knowledge of the MITRE ATT&CK framework

Additional Notes

Ability to travel

EOE M/F/D/V