Cybersecurity Operations Analyst II

NeoSystems Careers


Job Location: Reston, VA - USA

Monthly Salary: Not Disclosed
Posted on: 7 hours ago
Vacancies: 1 Vacancy

Job Summary

The Cybersecurity Operations Analyst II (COA2) is responsible for the initial triage and monitoring of security events, working exclusively in Microsoft 365 E5 environments and helping to enforce CMMC 2.0 requirements.

The COA2 is responsible for advanced incident response, proactive threat hunting, vulnerability lifecycle management, and escalation support for Microsoft 365 E5 customers. This role bridges the gap between COA 1 alert triage and senior analyst/engineering roles, working in depth with Microsoft Defender XDR, external SOCs, and industry-standard vulnerability tools such as Qualys and Tenable.

Role & Responsibilities:

Advanced Threat Detection & Response

  • Lead investigations of escalated alerts across the following:
  • Defender for Endpoint
  • Defender for Office 365
  • Defender for Cloud Apps (MCAS)
  • Defender for Identity (formerly Azure ATP)
  • Microsoft Defender XDR
  • Correlate log and alert data to detect lateral movement, privilege escalation, anomalous behavior, and advanced persistent threats using Microsoft Defender data and investigative tools from external SOC vendors.
  • Conduct live incident response across customer tenants (containment, eradication, recovery) in accordance with CMMC 2.0 and NIST SP 800-171 incident response requirements.
  • Coordinate post-incident documentation, including root cause analysis (RCA), timeline analysis, and recommendations.

Incident Handling & Response Support

  • Assist senior analysts during active incidents by collecting logs, screenshots, and device/user activity history.
  • Document timelines, observations, and artifacts to support root cause analysis and reporting.
  • Conduct follow-up on low-risk alerts and phishing investigations (possibly with supervised guidance).

Customer Interaction & Ticket Management

  • Document findings and updates in the SOC ticketing system with accuracy and clarity.
  • Respond to basic client inquiries related to user behavior, alert definitions, or mitigation steps under supervision.
  • Follow documented workflows to support CMMC 2.0 incident response requirements, including reporting timelines and evidence handling.

Threat Hunting & Detection Engineering Support

  • Conduct proactive threat hunting using KQL queries in Microsoft Sentinel and hunting dashboards in Defender XDR.
  • Assist with tuning analytics rules and alert thresholds and reducing false positives in detection logic.
  • Work with external SOC services to tune rules and alert thresholds.
  • Identify opportunities for new detections based on threat intelligence and customer risk profiles.
  • Support configuration and optimization of Microsoft Sentinel data connectors, workbooks, automation rules, and response playbooks.
  • Monitor log ingestion and telemetry gaps across Microsoft 365 Defender products, Entra ID, and endpoint clients.
  • Maintain detection signatures and IOCs provided by Microsoft, ISACs, or third-party feeds.

Vulnerability & Patch Management

  • Manage operating system and third-party software patching cycles for customer environments.
  • Prioritize and manage vulnerability remediation in coordination with infrastructure teams and customer needs.
  • Perform vulnerability scans using Qualys or Nessus across hybrid and cloud environments.
  • Analyze, prioritize, and track vulnerabilities by CVSS score, exploitability, and exposure relevance to the customer mission.
  • Collaborate with customer IT and endpoint teams to validate and remediate critical vulnerabilities in operating systems, applications, and Microsoft 365 services.
  • Report on vulnerability trends and threat exposure as part of recurring customer security reviews.

Customer Engagement & Documentation

  • Participate in high-touch incident communications and brief customers on security events, containment actions, and risk.
  • Generate clear, actionable incident summaries and vulnerability reports tailored for both technical and executive audiences.
  • Assist with compliance evidence collection during audits or IR tabletop exercises.
  • Lead or assist in conducting security awareness training campaigns and tabletop exercises for customers.
  • Assist in gathering and assembling audit evidence to support compliance assessments.

Competencies / Skills:

  • 3-5 years of cybersecurity experience, with at least 1 year in a SOC, IR, or detection-focused role.
  • Strong knowledge of attacker TTPs, MITRE ATT&CK, and Zero Trust principles.
  • Hands-on experience with the Microsoft 365 E5 security stack.
  • Familiarity with CMMC 2.0, NIST SP 800-171, and FedRAMP security controls.
  • Experience conducting or responding to vulnerability scans and remediation workflows.
  • Security+ or SC-900 certification.
  • Must be a U.S. citizen eligible for ITAR-compliant work.

Preferred:

  • Certified Ethical Hacker (CEH)
  • Microsoft SC-100, SC-200, SC-300, or SC-400 certifications
  • Microsoft AZ-500

Where required by law, this posting includes a good-faith pay range for candidates who will perform the role in specific jurisdictions. For other locations, the actual compensation may differ. Final compensation will be determined based on qualifications, experience, skills, work location, internal equity, and current market data. This job posting is not a contract or promise of employment or any particular compensation, and any employment offer will be set out in a written offer letter.


Required Experience:

IC


About Company


NeoSystems offers strategic back office services, hosting, CMMC & security services for government contractors. Find out what we can do for your business!
