The world of global advisory, audit and tax compliance services for large multi-nationals is rapidly changing and heavily dependent on technology.
The KPMG Delivery Network (KDN) is a KPMG special purpose member firm offering a way for clients to leverage KPMG top talent and technology platforms through regional teams of specialists, enabling economies of scale and a new way of working that expands beyond local capability.
Together with KDN, KPMG member firms can drive the sales and delivery of global solutions at a competitive price and in a repeatable and consistent manner. As a member of KDN, you'll be part of the KPMG family, working alongside some of our profession's most skilled practitioners on rewarding programs and initiatives that are changing the way business operates, delivering value to our clients and driving positive change in the communities we serve.
You'll be enabling KDN to accelerate new ways of working using cutting-edge technology, and working together with our member firms located in nearly 150 countries to help us achieve our ambition to be the most trusted and trustworthy professional services firm.
And through your work you'll build a global network and unlock opportunities that you may not have thought possible, with access to great support, vast resources and an inclusive, supportive environment to help you reach your full potential.
The Security Analyst L1 (Junior) for a 24/7 Managed Security Services team is responsible for monitoring and triaging security alerts, following playbooks, documenting investigations and escalating incidents to senior analysts. This is an entry-level role designed for candidates with limited or no experience, supported by intensive initial training and continuous coaching, while working 12-hour shift rotations.
Your Responsibilities:
- Design, execute and document initial triage of security alerts and incidents across SIEM/EDR/XDR platforms in a 24/7 Managed Security Services environment, working 12-hour shifts and following defined playbooks to ensure a consistent, high-quality response.
- Monitor dashboards, queues and notifications to identify suspicious activity, validate alert fidelity and perform Level 1 analysis (scope, impact, severity and urgency), escalating confirmed or complex cases to L2/L3 according to established criteria and SLAs.
- Perform foundational investigation steps: gather evidence (logs, endpoints, identities, cloud events), correlate signals across sources and enrich cases using approved tools and threat intelligence to support rapid decision-making.
- Maintain clear, structured case notes and timelines in the ticketing/case management system, ensuring all actions, observations and handoffs are traceable and audit-ready.
- Execute predefined containment and response actions when authorized (e.g. isolate an endpoint, reset credentials, block indicators, disable risky access) and confirm completion while minimizing business disruption.
- Support continuous improvement by providing feedback on alert quality and playbook effectiveness, reporting recurring false positives, missing context and common failure patterns to Detection Engineering and SOC leadership.
- Learn and apply security fundamentals through an intensive onboarding and training program, building practical skills in alert triage, investigation workflows, incident categorization and communication under pressure.
- Develop proficiency in at least one SIEM query language and investigation toolkit (KQL for Microsoft Sentinel is a strong advantage) and progressively expand capability in interpreting endpoint and cloud security telemetry.
- Collaborate with shift teammates, L2/L3 analysts and incident responders to ensure smooth handovers, accurate escalation and consistent customer communication aligned to operational procedures.
- Demonstrate operational discipline: follow runbooks, adhere to change control and access policies, protect sensitive data and maintain professionalism in a high-trust environment with rotating schedules.
- Contribute to the knowledge base and internal documentation by capturing new findings, updating procedures and sharing "what to look for" patterns discovered during investigations and training exercises.
- Participate in post-incident reviews and learning sessions to strengthen detection understanding, reduce repeat incidents and accelerate personal growth toward L2 readiness.
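The Level 1 workflow described in the responsibilities above (gather evidence from several sources, correlate signals on a shared host or identity, enrich with threat intelligence, rate scope/impact/severity/urgency, and escalate to L2 against an SLA) is easier to reason about with a concrete, runnable model. The following is an added example written for this page, not KDN or KPMG code and not a real playbook: the alerts, threat-intel feed, asset criticality table, scoring weights and SLA values are all constructed for illustration and would come from the customer's SIEM, TI platform and playbooks in practice.

```python
"""Toy Level 1 triage: correlate alerts across sources, enrich with threat
intel, score severity and decide escalation.  Added example with
constructed data only; not the employer's code or playbook."""
from datetime import datetime, timedelta

# Constructed sample alerts (not real telemetry).  Each carries the source
# platform, the host and identity involved, an optional indicator and a
# timestamp, as a SIEM/EDR/identity feed would.
ALERTS = [
    {"id": "A1", "source": "EDR", "host": "WS-0142", "user": "j.doe",
     "title": "Suspicious PowerShell encoded command",
     "ioc": "203.0.113.5", "ts": "2024-05-01T02:14:00"},
    {"id": "A2", "source": "SIEM", "host": "WS-0142", "user": "j.doe",
     "title": "Outbound connection to rare external IP",
     "ioc": "203.0.113.5", "ts": "2024-05-01T02:15:30"},
    {"id": "A3", "source": "Identity", "host": None, "user": "j.doe",
     "title": "Sign-in from new country",
     "ioc": "198.51.100.7", "ts": "2024-05-01T02:10:00"},
    {"id": "A4", "source": "EDR", "host": "WS-0200", "user": "svc-backup",
     "title": "Scheduled task created",
     "ioc": None, "ts": "2024-05-01T03:00:00"},
]

# Constructed enrichment data (hypothetical): IOC -> confidence 0..1,
# asset criticality (2 = high value) and the privileged identity list.
THREAT_INTEL = {"203.0.113.5": 0.9}
ASSET_CRITICALITY = {"WS-0142": 1, "WS-0200": 2}
PRIVILEGED_USERS = {"svc-backup"}

# Hypothetical escalation SLA (minutes to hand off to L2) per severity.
ESCALATION_SLA_MIN = {"critical": 15, "high": 30, "medium": 120, "low": 480}


def parse_ts(s):
    return datetime.fromisoformat(s)


def correlate(alerts, window=timedelta(minutes=15)):
    """Cluster alerts that share a user or host and fall within `window`
    of the cluster's earliest alert.  Returns a list of case dicts."""
    cases = []
    for a in sorted(alerts, key=lambda x: parse_ts(x["ts"])):
        for case in cases:
            same_entity = (a["user"] in case["users"]
                           or (a["host"] and a["host"] in case["hosts"]))
            in_window = parse_ts(a["ts"]) - case["first_seen"] <= window
            if same_entity and in_window:
                case["alerts"].append(a)
                case["users"].add(a["user"])
                case["sources"].add(a["source"])
                if a["host"]:
                    case["hosts"].add(a["host"])
                break
        else:
            cases.append({"first_seen": parse_ts(a["ts"]), "alerts": [a],
                          "users": {a["user"]},
                          "hosts": {a["host"]} if a["host"] else set(),
                          "sources": {a["source"]}})
    return cases


def score_case(case):
    """Enrich and score one case.  Weights are illustrative, not a standard."""
    points, reasons = 0, []
    n_sources = len(case["sources"])
    if n_sources > 1:                      # corroboration across platforms
        points += 2 * (n_sources - 1)
        reasons.append(f"corroborated by {n_sources} sources")
    hits = {a["ioc"] for a in case["alerts"]
            if a["ioc"] in THREAT_INTEL and THREAT_INTEL[a["ioc"]] >= 0.7}
    if hits:                               # known-bad indicator (impact)
        points += 3
        reasons.append("known-bad IOC: " + ", ".join(sorted(hits)))
    if any(ASSET_CRITICALITY.get(h, 0) >= 2 for h in case["hosts"]):
        points += 1                        # scope: high-value asset
        reasons.append("high-value asset")
    if case["users"] & PRIVILEGED_USERS:
        points += 2                        # scope: privileged identity
        reasons.append("privileged identity")
    return points, reasons


def severity_from_points(points):
    if points >= 6:
        return "critical"
    if points >= 4:
        return "high"
    if points >= 2:
        return "medium"
    return "low"


def triage(case):
    """Produce the L1 decision record: severity, urgency (SLA) and whether
    the case leaves L1.  Escalate on critical/high, or whenever more than
    one source corroborates the activity."""
    points, reasons = score_case(case)
    sev = severity_from_points(points)
    escalate = sev in ("critical", "high") or len(case["sources"]) > 1
    return {"users": sorted(case["users"]), "hosts": sorted(case["hosts"]),
            "alert_ids": [a["id"] for a in case["alerts"]],
            "severity": sev, "score": points, "reasons": reasons,
            "escalate_to": "L2" if escalate else None,
            "sla_minutes": ESCALATION_SLA_MIN[sev]}


def triage_all(alerts):
    return [triage(c) for c in correlate(alerts)]


if __name__ == "__main__":
    for record in triage_all(ALERTS):
        print(record)
```

Run as-is, the three j.doe alerts collapse into one case rated critical (three corroborating sources plus a high-confidence IOC) with a 15-minute handoff to L2, while the single svc-backup alert stays at L1 as medium. The point a junior analyst should take from it is that the decision is driven by correlation and enrichment, not by the title of any one alert, and that every input to the rating is written down as a reason so the case notes are audit-ready.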
What you bring in:
- Bachelor's degree (or final-year student) in Cybersecurity, Computer Science, Information Technology or a related field.
- Relevant entry-level or foundational certifications are beneficial:
- Microsoft SC-200 (Security Operations Analyst)
- AZ-900 / SC-900 (Azure / Security Fundamentals)
- CompTIA Security+ (or equivalent foundational security certification)
- 0-2 years of experience in SOC, MDR, IT operations or a related technical role.
- Exposure to security monitoring, log analysis or incident handling is an advantage but not mandatory.
- Familiarity with Microsoft Sentinel, Microsoft Defender or SIEM/SOC environments is highly desirable.
- Experience working in shift-based or operational environments is a plus.
What we offer:
- The chance to work in a top talent team
- Attractive remuneration
- Build knowledge in cutting-edge technologies
- Opportunity for continuous training, learning and certification
- Experience in an international and multicultural organization
- Work on challenging projects with clients in various industries around the globe
- Modern office environment
- Additional health insurance
- Life insurance
- 50 benefits and services to choose from
- Hybrid working policy
Required Experience:
IC