Cybersecurity Engineer

19.57 - 27.95 USD, net per hour - B2B
Security

plac Nowy Targ 28, Wrocław

Spyrosoft

Full-time
B2B
Mid
Remote

Job description

Project description:

We are looking for a Cybersecurity Engineer with hands-on experience in Microsoft-based environments and an understanding of Security Operations Center (SOC) processes. This role is ideal for someone who already has real incident handling exposure, understands alert triage, and is familiar with common security tooling in the Microsoft ecosystem. The candidate will work as part of our internal team responsible for monitoring, analyzing, and responding to security alerts, supporting incident investigations, and ensuring proper documentation and escalation.


Main responsibilities:

  • Monitor and analyze security alerts coming from Microsoft Sentinel, Microsoft Defender XDR, and other security tools.

  • Perform L1/L1+ triage, including initial investigation, enrichment, and classification of alerts.

  • Identify false positives, suspicious activity, and potential incidents.

  • Escalate confirmed incidents to L2/L3 teams with proper context and evidence.

  • Support incident response activities such as containment guidance, account lockouts, endpoint isolation recommendations, etc.

  • Create and maintain clear incident documentation (tickets, timelines, evidence collection).

  • Support detection improvements (basic tuning, feedback loop, reporting common patterns).

  • Follow SOC playbooks and help improve operational procedures.


Requirements:

  • 1+ year of experience in a SOC / security operations / IT security role.

  • Understanding of SOC workflows: alert triage, incident classification, escalation, reporting.

  • Basic knowledge of common attack techniques (MITRE ATT&CK awareness).

  • Familiarity with security incident types: phishing, brute force, malware, suspicious logins, lateral movement indicators.


Microsoft Environment

  • Understanding of Windows / Active Directory environments.

  • Basic knowledge of:
      ○ Azure AD / Entra ID
      ○ Office 365 / Microsoft 365 security concepts
      ○ Microsoft Defender for Endpoint (basic investigation level)
      ○ Microsoft Sentinel (basic query & investigation skills)


Technical Skills

  • Ability to work with logs and security telemetry.

  • Basic knowledge of KQL (Kusto Query Language) or willingness to learn quickly.

  • Understanding of networking fundamentals (DNS, HTTP, VPN, TCP/IP, ports).

  • Familiarity with ticketing systems (ServiceNow, Jira, etc.).

  • Ability to follow procedures and document investigations clearly.


Nice to Have

  • Experience with Microsoft Defender for Identity / Defender for Cloud Apps.

  • Experience with vulnerability management (Defender VM, Qualys, Tenable).

  • Basic scripting knowledge (PowerShell).

  • Experience with SOAR / automation (Logic Apps, Sentinel playbooks).

  • Knowledge of email security (phishing analysis, header review).


Soft Skills

  • Strong analytical mindset and attention to detail.

  • Clear communication skills and ability to provide concise escalation notes.

  • Team player attitude and willingness to learn and grow in SOC operations.

Tech stack

  • English: B2

  • Polish: A2

  • SoC: regular

Published: 18.02.2026

About the company

Spyrosoft

Spyrosoft is a leading technology company specializing in software development and IT services. The company provides a wide range of expertise including artificial intelligence, cloud services, cybersecurity, digital pro...
