Senior Security Analyst (Microsoft Stack)

Accesa


Job Location: Others - Romania

Monthly Salary: Not Disclosed
Posted on: 6 hours ago
Vacancies: 1 Vacancy

Job Summary

About the Team & Culture

You will be joining a team that operates as consultants and partners to our clients, helping them innovate their existing processes and tools. We are focused on efficiency, strong communication and sustainable learning paths. You will have an impact on the project's evolution and the chance to contribute your own ideas to build successful client relationships.

The Role

The Senior Security Analyst operates at the nexus of expertise and leadership within our Security Operations Center (SOC). With a primary focus on Incident Response mastery within the Microsoft ecosystem, you will lead the charge in safeguarding our organization against cyber threats.

This role goes beyond reacting to incidents; it entails proactive defense using Microsoft Sentinel and the Defender XDR suite. You will collaborate with engineering teams to upgrade security tools, identify gaps in MITRE ATT&CK coverage, and advocate for enhancements that bolster our posture.

Key Responsibilities

Operations (Threat Detection & Incident Response)

  • Incident Response Mastery: Lead the investigation of high-severity incidents using the Microsoft Defender Portal. Analyze Attack Stories to determine the root cause (e.g. patient zero), the scope of compromise (lateral movement), and immediate containment actions (e.g. isolating endpoints via MDE).
  • Advanced Threat Hunting: Proactively hunt for undetected threats using KQL (Kusto Query Language) across Advanced Hunting tables. Develop hypotheses based on threat intelligence and validate them against data from Defender for Endpoint, Identity, and Cloud Apps.
  • Detection Engineering: Tune and optimize Sentinel Analytics Rules to reduce false positives. Collaborate with the SOC Architect to translate hunt findings into permanent detection logic.
  • Tool Optimization: Identify gaps in log visibility (e.g. missing Sysmon or firewall logs) and advocate for new Data Connectors or content integrations.
  • Automation: Leverage Automated Investigation & Response (AIR) capabilities in Defender for Office 365 and Endpoint to handle volume, and identify opportunities for SOAR playbooks (Logic Apps).

Business (Strategy & Risk)

  • Risk Assessment: Conduct assessments using Microsoft Secure Score and Exposure Management to identify critical vulnerabilities that could impact business operations.
  • Impact Analysis: Assess the potential business impact of security incidents (e.g. distinguishing between a test server and a production financial database) to prioritize response efforts effectively.
  • Compliance & Reporting: Provide expert guidance on regulatory compliance (GDPR, ISO 27001) by utilizing Microsoft Purview compliance signals and ensuring that retention policies in Log Analytics Workspaces meet legal obligations.
  • Resilience: Contribute to business continuity planning by ensuring that Break Glass accounts and recovery procedures are tested and functional within the Azure tenant.

People (Leadership & Mentorship)

  • Mentorship: Act as a technical beacon for Junior/Mid analysts. Guide them through complex investigations in Sentinel, teaching them how to pivot effectively between data tables (e.g. DeviceNetworkEvents to IdentityLogonEvents).
  • Performance & Growth: Conduct regular code reviews of KQL queries written by the team and provide constructive feedback to optimize performance and accuracy.
  • Recruitment & Onboarding: Participate in technical interviews for new team members, ensuring they possess the necessary Microsoft ecosystem knowledge to integrate quickly.

Qualifications:

Technical Expertise:

  • 5 years of experience in SOC or Incident Response.
  • Microsoft Sentinel: Deep proficiency in managing incidents, creating Watchlists and writing complex KQL (joins, aggregations, visualizations).
  • Microsoft Defender XDR: Hands-on mastery of Defender for Endpoint (MDE), Defender for Identity (MDI) and Defender for Cloud Apps (MDA).
  • Frameworks: Strong application of the MITRE ATT&CK framework to map detection coverage.
  • Scripting: Ability to read/write PowerShell for analysis or automation.

Soft Skills:

  • Consultative Approach: Ability to explain technical risks to non-technical business stakeholders.
  • Communication: Excellent written and verbal communication in English (German is a strong plus).
  • Proactive Mindset: A history of self-driven learning (e.g. setting up a home lab, following security researchers).

Nice to Have:

  • Certifications: Microsoft SC-200 (Security Operations Analyst) is highly desired. SC-100 or AZ-500 are strong additions.
  • Experience with Logic Apps and SOAR workflow design.

Additional Information:

At Accesa you can:

Enjoy our holistic benefits program, which covers the four pillars that we believe come together to support our wellbeing: social, physical and emotional wellbeing, as well as work-life fusion.

  • Physical Wellbeing: Our wellbeing program includes medical benefits, gym support and personalised fitness options for an active lifestyle, complemented by team events and the Healthy Habits Club.
  • Work-Life Fusion: In very dynamic industries such as IT, the line between our professional and personal lives can quickly become blurred. Having a one-size-fits-one approach gives us the flexibility to define the work-life dynamic that works for us.
  • Emotional Wellbeing: We believe that to maintain our overall health we need to invest in our mental wellbeing just as much as we do in our physical health, social connections, or in achieving work-life balance.
  • Social Wellbeing: As a growing community in a hybrid environment, we want to ensure we remain connected, not just by the great work we do every day but through our passions and interests.

Remote Work:

Yes

Employment Type:

Full-time


Key Skills

  • Security Management
  • Sensitive Information Management
  • Pressure Management
  • Risk Analysis
  • Access Control
  • Safety Procedures
  • Security Measures
  • Security Training
  • Risk Assessment
  • Access Point
  • Security Checks
  • Detect Signs
  • Safe Environment
  • Security System
  • Security Reports

About Company

Accesa is a leading technology company headquartered in Cluj-Napoca, with offices in Oradea and 20 years of experience in turning business challenges into opportunities and growth. A value-driven organization, it has established itself as a partner of choice for major brands in Retail, ...
