The IRM SecOps team is seeking a Security Operations Analyst who thrives in a lean, fast-moving environment, takes ownership of outcomes, and combines hands-on detection and response expertise with strong operational security capabilities.
This position supports multiple areas of security operations through the implementation, configuration, and optimization of security tools and integrations, including monitoring, detection tuning, telemetry visibility, and continuous improvement. The role also supports incident response and other security operations activities, including hands-on investigation, containment, remediation, and addressing root causes.
RESPONSIBILITIES:
- Conduct proactive threat hunting and refine detection logic for improved accuracy and context.
- Implement, configure, and optimize security tools, SIEM integrations, and data connections.
- Monitor and validate security telemetry to identify visibility gaps and improve detection coverage.
- Respond to escalated security incidents, performing analysis, containment, remediation, and root cause investigation.
- Collaborate with IT, cloud, and development teams to strengthen security controls and visibility.
- Create and maintain detailed incident documentation, timelines, and lessons learned.
- Continuously improve playbooks, automation, operational processes, and detection effectiveness.
- Contribute to process and capability development across the team.
- Assist with onboarding and troubleshooting data sources and connectors within Microsoft Sentinel.
REQUIRED QUALIFICATIONS:
- 5+ years of experience in cybersecurity operations, security operations, incident response, or threat detection.
- Hands-on expertise with Microsoft Azure security services, including Azure Monitor, Sentinel, and Entra ID.
- Strong understanding of SIEM operations, telemetry visibility, detection logic, and incident response workflows.
- Experience with threat hunting, log analysis, and identifying visibility gaps within security monitoring environments.
- Proficiency in Python and/or PowerShell scripting for automation and operational support.
- Excellent communication and collaboration skills.
- Highly self-motivated with the ability to manage priorities and operate independently in a fast-paced environment.
PREFERRED QUALIFICATIONS:
- Hands-on expertise with CrowdStrike Falcon (deployment, configuration, and response).
- Familiarity with Amazon Web Services (AWS).
- Familiarity with Defender XDR, Splunk, and osquery.
- Experience in consulting, finance, or technology environments.
- Experience with data visualization tools (e.g., Power BI).
- Certifications such as GIAC, GCFA, or GCFR.
WORK ENVIRONMENT:
- On-call rotation is required for after-hours incidents.
- Occasional weekend work may be needed for critical projects or incident response.
- Remote (U.S. only) but must be physically located within the continental United States.
- Expect a nimble, hands-on, high-ownership culture where your contributions have visible impact.