Tier 2/3 Cyber Security Analyst - Microsoft Sentinel / Microsoft Defender

Peraton


Job Location:

Washington, AR - USA

Salary: $80,000 - $128,000 (see Target Salary Range below)
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

Responsibilities

Position: Tier 2/3 Cyber Security Analyst - Microsoft Sentinel and Microsoft Defender
Program: Peraton Federal Strategic Cyber Mission

Peraton is seeking an experienced Tier 2/3 Cyber Security Analyst to join our Federal Strategic Cyber Mission program. This role requires a seasoned cybersecurity professional with extensive hands-on experience implementing, configuring, and operating Microsoft Sentinel and Microsoft Defender security solutions. The ideal candidate will serve as a senior escalation point for complex security incidents, lead advanced threat-hunting operations, and drive the maturation of detection capabilities across the Microsoft security ecosystem.

Key Responsibilities:

Incident Detection Analysis and Response
Detect, classify, process, track, and report cybersecurity events and incidents across the enterprise.
Serve as the senior escalation point for Tier 1 and Tier 2 triage, conducting in-depth analysis of complex and coordinated threats in a 24x7x365 environment.
Analyze logs from multiple sources (host, EDR, firewalls, IDS, servers) to identify, contain, and remediate suspicious activity.
Characterize and analyze network traffic to identify anomalies and potential threats.
Perform forensic analysis of host artifacts, network traffic, and email content.
Analyze malicious scripts and code to mitigate threats.
Conduct malware analysis and develop IOCs to support threat identification and mitigation.

Microsoft Sentinel & Defender Engineering and Operations
Design, implement, configure, and maintain the Microsoft Sentinel SIEM, including workspace architecture, data connectors, and log ingestion pipelines.
Develop and tune analytics rules (scheduled queries, NRT rules, and Fusion rules) to optimize detection fidelity.
Create and maintain Sentinel workbooks, hunting queries, and automation playbooks (Logic Apps).
Implement and manage Microsoft Defender for Endpoint (MDE), including ASR rules, AIR policy configuration, and KQL-based advanced hunting.
Configure and operationalize Microsoft Defender for Identity, including sensor deployment, threat-detection tuning, and lateral movement path analysis.
Manage Microsoft Defender for Office 365, including Safe Attachments, Safe Links, anti-phishing policies, and investigation capabilities.
Implement and maintain Microsoft Defender for Cloud for CSPM, workload protection, and cloud-native threat detection across multi-cloud environments.
Develop custom KQL queries for hunting, detection engineering, and security analytics across M365 Defender and Sentinel.
Integrate Sentinel with SOAR, developing automated response playbooks and orchestration workflows.
Monitor data connector health, troubleshoot ingestion issues, and optimize log collection.
Implement and manage Microsoft Entra ID security capabilities, including Conditional Access, Identity Protection, PIM, and access reviews.

Threat Hunting & Intelligence
Conduct proactive hunts for APTs using Sentinel and MDE hunting capabilities.
Integrate and operationalize threat intelligence within Sentinel to enhance detection.
Analyze threat intelligence reporting and apply adversary methodology knowledge to improve detection posture.
Map detections and hunting hypotheses to MITRE ATT&CK and D3FEND frameworks.
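The custom KQL hunting and detection work listed above, and the ATT&CK mapping that goes with it, look like the following in practice. This is an added illustrative query and is not part of the posting or of any Peraton program content. It assumes the Microsoft 365 Defender connector is forwarding the MDE advanced-hunting tables into the Sentinel workspace (so `DeviceProcessEvents` carries a `TimeGenerated` column), and the `benignParents` allow-list is a placeholder to be tuned per environment.

```kql
// Added example, not from the posting. Hunt for encoded PowerShell launched by an
// unexpected parent process, aggregated per host and account, tagged for ATT&CK.
// Technique: T1059.001 (Command and Scripting Interpreter: PowerShell)
// Sub-signal: T1027 (Obfuscated Files or Information) via -EncodedCommand
let lookback = 24h;
// Assumed allow-list of management agents known to launch encoded PowerShell; tune locally.
let benignParents = dynamic(["monitoringhost.exe", "ccmexec.exe"]);
DeviceProcessEvents
| where TimeGenerated > ago(lookback)
| where FileName in~ ("powershell.exe", "pwsh.exe")
// -e, -enc, -EncodedCommand followed by a base64 blob of at least 40 characters
| where ProcessCommandLine matches regex @"(?i)\s-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{40,}"
| where not(InitiatingProcessFileName in~ (benignParents))
| summarize Count = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated),
            Parents = make_set(InitiatingProcessFileName, 10),
            SampleCommandLine = take_any(ProcessCommandLine)
  by DeviceName, AccountName
| extend Tactic = "Execution", Technique = "T1059.001"
| order by Count desc
```

To promote this from a hunt to a scheduled analytics rule, keep the query as-is, map `DeviceName` to the Host entity and `AccountName` to the Account entity in the rule's entity mapping, and select the Execution tactic and T1059.001 technique in the rule metadata so the incident inherits the ATT&CK tagging rather than carrying it only as columns.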

Collaboration & Reporting
Collaborate with customer teams to investigate and respond to events and incidents.
Monitor and respond via SOAR hotline and designated email inboxes.
Create tickets and initiate workflows in accordance with SOPs.
Coordinate and report incident information to CISA as required.
Engage with local national and international CIRTs as directed.
Submit alert tuning requests and lead ongoing detection engineering efforts.
Mentor and provide technical guidance to Tier 1 and Tier 2 analysts on Microsoft security tools and incident response processes.

Qualifications

Minimum Requirements

Education & Experience
Bachelor's degree and a minimum of 5 years of cybersecurity experience, OR a high school diploma and 9 years of cybersecurity experience.
Minimum 3 years of hands-on experience implementing and operating Microsoft Sentinel (workspace deployment, analytics rule development, workbook creation, playbook automation).
Minimum 3 years of experience implementing and managing Microsoft Defender solutions (Defender for Endpoint, Defender for Identity, Defender for Office 365, and/or Defender for Cloud).

Certifications
Must possess (or be able to obtain prior to start date) at least one of the following; continued certification is required as a condition of employment: CCNA Security; CND; CySA+; GICSP; GSEC; Security+ CE; SSCP

Technical Skills:
Extensive proficiency in Kusto Query Language (KQL) for advanced detections, hunting queries, and Sentinel/M365 Defender analytical workbooks.
Experience designing and implementing Microsoft Sentinel analytics rules (scheduled, NRT, Fusion).
Proven experience deploying and managing Microsoft Defender for Endpoint (policy configuration, ASR rules, AIR, live response).
Experience with Microsoft Defender for Identity (sensor deployment, detection tuning, identity-based investigations).
Demonstrated experience across the full Incident Response lifecycle (Preparation through Lessons Learned).
Knowledge of SOAR platforms and automated response systems (ServiceNow, Splunk SOAR, Sentinel Playbooks/Logic Apps).
Experience with SIEM platforms (Sentinel, Splunk, Elastic, QRadar).
Experience with EDR solutions (MDE, Elastic XDR, Carbon Black, CrowdStrike).
Knowledge of cloud security monitoring and incident response, especially in Azure.
Ability to integrate IOCs and track APT actor activity.
Ability to analyze threat intelligence and understand adversary techniques.
Knowledge of static and dynamic malware analysis techniques.
Knowledge of MITRE ATT&CK and D3FEND frameworks and ability to map detections.

Clearance & Citizenship
U.S. Citizenship required.
Ability to obtain a Top Secret security clearance.

Preferred Qualifications:

Microsoft SC-200 (Security Operations Analyst) highly preferred
Microsoft SC-100 (Cybersecurity Architect)
Microsoft AZ-500 (Azure Security Engineer)
Microsoft SC-300 (Identity and Access Administrator)
Experience architecting multi-tenant or multi-workspace Sentinel environments
Experience with Sentinel content hub solutions and custom content development
Proficiency with Microsoft Defender for Cloud workload protection across Azure, AWS, and GCP
Experience developing Logic Apps and Power Automate flows for security automation
Proficiency with Splunk for monitoring, alerting, and threat hunting
Knowledge of Microsoft Azure/Entra ID access and identity management (Conditional Access, PIM, Identity Protection)
Experience with digital forensics tools (Autopsy, Magnet Forensics, KAPE, CyLR, Volatility, Zimmerman tools)
Experience with ServiceNow SOAR for automated ticketing and response
Proficiency in Python, PowerShell, and Bash for automation and tool development
Ability to perform static/dynamic malware analysis and reverse engineering
Experience integrating cyber threat intelligence and IOC-based hunting into the Sentinel TI module
Experience leading purple team exercises and translating findings into actionable detections
Additional preferred certifications:

  • Microsoft: SC-200, SC-100, AZ-500, SC-300, SC-900
  • Industry: SecurityX/CASP+, CySA+, Cloud+, GCIH, GCIA, GCFA, GNFA, GREM, GEIR, CCSP, CCSK, CHFI, GCLD, PRMP
  • Practical: TryHackMe SAL1, Hack The Box CDSA, CyberDefenders CCD

Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day our employees do the can't be done by solving the most daunting challenges facing our customers. Visit to learn how we're keeping people around the world safe and secure.

Target Salary Range

$80,000 - $128,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to the scope and responsibilities of the position, the individual's experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

EEO

EEO: Equal opportunity employer including disability and protected veterans or other characteristics protected by law.

Required Experience:

IC


About Company


Peraton provides innovative solutions for the most sensitive and critical programs in government today, developed and executed by scientists, engineers, and other experts.
