Investigate security alerts using tools such as CrowdStrike Falcon Suite, Microsoft Sentinel, endpoint telemetry, identity logs, network data, and cloud security sources.
Perform alert triage and analysis to determine the scope, severity, and potential impact of security events.
Support incident response activities, including investigation, containment, remediation, recovery, and post-incident documentation.
Participate in rotational on-call escalation coverage for higher-priority security events outside normal business hours, as needed.
Support selected SOC projects focused on improving detection quality, workflows, playbooks, reporting, automation, and response readiness.
Participate in regular security operations reviews and collaborate with cross-functional teams, including Security Engineering, Threat and Vulnerability Management, Networking, Infrastructure, Identity, and IT Operations.
Requirements
2-4 years of cybersecurity experience, including hands-on SOC experience.
Hands-on experience with CrowdStrike Falcon Suite.
Experience with Microsoft Sentinel or similar SIEM technology.
Experience supporting hybrid Active Directory and Microsoft Entra ID environments.
Understanding of common attack techniques, including phishing, credential compromise, malware execution, lateral movement, privilege escalation, and data exfiltration.
Ability to analyze endpoint, identity, network, cloud, and SIEM telemetry to determine scope, severity, and business impact.
Strong written and verbal communication skills, including the ability to brief technical findings and drive follow-up across teams.