Pueo is known for bringing the best talent and unique tools to every opportunity. Pueo's Parliament (aka workforce) is composed of professionals who are seeking the opportunity to work in a business organization that thrives on career development and support of mission and professional growth. Our Parliament has supported the development of multiple patents, proprietary tools and applications, as well as trademarked processes.
Our organization emphasizes career development across multiple career environments (at the member's own pace) and ensures those who contribute broadly are properly rewarded. Pueo has four career environments in which every member of the Parliament can participate. Each environment has opportunities available for all levels. Opportunities are framed by an employee's desires and capabilities, and we ensure that challenges, growth, and unique experiences are available for employees at all levels.
Our Career Environments (Program, Functional, Service, and Leadership) provide numerous opportunities for employees to invest in their personal growth and in those things that offer fulfillment. We invest in helping our members create and execute their career development plans. Our Pods (small teams of 5 or fewer) are composed of personnel with similar skillsets to ensure mentorship, understanding, and peer support.
OVERVIEW:
The Tier 1 Incident Responder plays a critical entry-level role in supporting the company's cybersecurity operations. This position is ideal for individuals seeking to launch or advance their career in cybersecurity by actively contributing to incident response and security monitoring. As a Tier 1 responder, you will be responsible for real-time monitoring of security alerts and events, conducting initial triage of potential threats, and escalating incidents as needed. You will assist with tuning detection and response tools, as well as building dashboards that improve visibility of risk through meaningful representations of data.
This role offers hands-on experience working within a Security Operations Center (SOC) environment, where you will learn to identify suspicious activity, analyze security data, and contribute to maintaining the effectiveness of incident response processes. You will work closely with experienced responders and engineers, gaining valuable mentorship and exposure to best practices in threat detection, compliance monitoring, and incident handling. The ideal candidate is enthusiastic about cybersecurity, has completed relevant training or possesses practical experience supporting incident response, and is eager to develop technical skills while making an immediate impact on organizational security.
GENERAL DUTIES:
- Security Monitoring & Alert Triage
- Perform real-time monitoring of security alerts and events using Microsoft Defender for Cloud, with response actions taken in Defender, Entra ID, and Intune.
- Conduct initial triage of potential threats, validate true positives vs. false positives, and escalate incidents according to SOC procedures.
- Document triage findings, timelines, and escalation notes in case management systems to ensure accurate incident tracking.
- Incident Response Support
- Perform evidence gathering, contextual analysis, and initial containment steps based on predefined playbooks, in coordination with the IT Director and CTO.
- Help identify patterns of suspicious behavior, account misuse, device compromise, or policy violations using Microsoft security tools.
- Participate in post-incident reviews by providing notes, data, and observations from Tier 1 analysis.
- Threat Hunting Assistance
- Support basic threat-hunting activities by reviewing Defender, Entra, and Intune logs for anomalies, suspicious authentications, device health issues, or emerging indicators of compromise.
- Surface trends or recurring alerts that may indicate misconfigurations or new attack techniques.
- Configuration, Policy & Detection Maintenance
- Assist with updating and tuning security policies, rules, and configurations in:
- Microsoft Defender for Cloud (Azure Defender)
- Microsoft Entra ID (Identity Protection, Conditional Access)
- Microsoft Intune (device compliance & endpoint security)
- Support optimization of alert rules, thresholds, and baselines to improve fidelity and reduce false positives.
- Contribute to maintaining and improving dashboards, workbooks, and security visualizations for operational reporting.
- Operational Support & Documentation
- Maintain accurate documentation of processes, configurations, and SOPs related to Tier 1 responsibilities.
- Follow established SOC workflows and contribute feedback to enhance operational maturity.
- Collaborate closely with senior analysts, engineers, and SOC leadership to improve monitoring and IR processes.
REQUIRED QUALIFICATIONS:
- High school diploma or equivalent (Associate's or Bachelor's degree nice to have but not required).
- Security Operations Fundamentals
- Understanding of core SOC functions, including alert monitoring, log analysis, incident triage, escalation, and documentation.
- Familiarity with common attack techniques, security events, and indicators of compromise.
- Microsoft Security & Endpoint Tools
- Practical experience (or training) using:
- Microsoft Defender for Cloud / Azure Defender
- Microsoft Entra ID (Identity Protection, Conditional Access)
- Microsoft Intune (device compliance, endpoint configuration, and policy management)
- Ability to navigate dashboards, review logs, interpret alerts, and update policies within the Microsoft security ecosystem.
- Analytical & Technical Skills
- Basic understanding of network, identity, and endpoint security concepts.
- Ability to analyze events, correlate information from multiple data sources, and distinguish normal from abnormal behavior.
- Strong attention to detail, with the ability to follow structured procedures.
- Basic understanding of cybersecurity concepts such as:
- Malware vs. phishing
- Endpoint security
- Authentication/identity
- Ability to learn quickly; curiosity and persistence matter more than technical proficiency.
- Strong communication skills, especially writing clear notes during alert triage.
- Basic familiarity with Azure or Microsoft 365 portals (even free-tier playground experience counts).
- Experience:
- Completion of a cybersecurity bootcamp, junior SOC course, or labs such as:
- TryHackMe SOC Analyst Path
- Microsoft Learn Defender for Endpoint modules
- AZ-900 or SC-900 coursework
- Intro to DFIR labs (even free ones)
- Hands-on lab experience with:
- Microsoft 365 Defender alerts
- Intune device compliance policies
- Entra ID sign-in logs or Conditional Access
- Simulated phishing investigations
- Real-world SOC experience is NOT expected.
DESIRED QUALIFICATIONS:
- Microsoft Certified: Security Operations Analyst Associate
- Relevant certifications such as Sec are also desirable.
CLEARANCE:
Pueo is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. Pueo takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.