
Security Analyst II

Bengaluru, Karnataka, India


Job Description


ProArch is a global IT consulting firm providing Security, Data, Application Dev, and Cloud services. Offices are located in the US, UK and India.

As a Security Analyst II (SOC), you will be responsible for monitoring, detecting, and responding to security incidents, using your expertise in M365 security technologies and Microsoft Sentinel to optimize detection and response capabilities. This role is highly technical. You will play a critical role in improving our security operations by creating and refining use cases and detection rules to safeguard our organization and clients from cyber threats. You will also own all technical escalations from the junior SOC analysts. You will carry Shift Lead responsibilities: ensuring that SOC monitoring and response during your shift is done with quality and within the defined SLAs, and overseeing operations for the duration of the shift. A further goal is to identify improvements and gaps in SOC operations, create standard operating procedures, and build playbook workflows the SOC can use to respond to security incidents.

Communication skills are essential, as this position is the technical escalation point for the SOC team. The Security Analyst II (SOC) should act proactively to ensure smooth security operations and effective collaboration during the shift, lead by example, and engage the team in achieving the goals the Leadership Team sets for the Security Teams. A key outcome of this position is continuous improvement of the efficiency and quality of the security operations center.

Requirements

  • Act as an escalation point for Tier 1 analysts, handling more complex security incidents and alerts.
  • Investigate, triage, and respond to security incidents detected through the SOAR / SIEM and other security monitoring tools.
  • Perform in-depth analysis of incidents and recommend containment and remediation actions.
  • Lead containment and remediation efforts for security incidents.
  • Develop, test, and fine-tune detection rules and use cases based on log sources, threat intelligence, attack patterns, and client requirements.
  • Identify emerging threats and incorporate them into use-cases for alerts and detections.
  • Optimize and refine alert thresholds and logic to minimize false positives and enhance detection accuracy.
  • Leverage expertise in Microsoft 365 Defender/Defender XDR, Microsoft Defender for Endpoint, Defender for Office 365 and Entra ID Protection to improve overall threat detection and response.
  • Conduct proactive threat hunting to identify unknown threats across endpoints, identities, and network traffic using available tools and log sources.
  • Analyze security logs and telemetry data for signs of compromise, anomalous activities, or malicious behavior.
  • Perform root-cause analysis for security incidents and provide actionable insights to improve security posture.
  • Prioritize the work effectively and handle shifting priorities professionally.
  • Work closely with cross-functional teams (IT, Cloud Operations, Application Development) to mitigate security risks and improve incident response capabilities.
  • Create detailed reports and post-incident analysis to communicate findings and recommendations to technical and non-technical stakeholders.
  • Contribute to continuous improvement of SOC processes, including SOPs, playbooks, runbooks, and escalation procedures.
  • Stay updated with the latest threat landscape, vulnerabilities, and attack methods.
  • Share knowledge and insights with other SOC analysts and participate in team knowledge-sharing sessions.
  • Participate in red/blue team exercises to test and improve detection and response capabilities.

TECHNICAL SKILLS:

Candidate should have a minimum of 4 years of experience in IT Security with additional background in Security Operations Center. To be successful, this position will require the candidate to have expertise in the following areas:

  • Strong knowledge of Microsoft Sentinel KQL (Kusto Query Language) for custom queries and rule creation.
  • Familiarity with Security Information and Event Management (SIEM) systems, particularly Microsoft Sentinel.
  • Familiarity with how SOAR (Security Orchestration, Automation and Response) works and ability to design workflows that automate SOC responses.
  • Experience with endpoint security, identity protection, and network security monitoring.
  • Forensic analysis: determine the scope and impact of incidents from host, identity, and log evidence.
  • Incident handling: take technical investigation ownership of incidents and coordinate response efforts.
  • Advanced analysis: perform advanced and complex analysis of sophisticated threats.
  • Knowledge of security frameworks such as MITRE ATT&CK and CIS Controls.
  • Industry knowledge and experience in Managed Detection and Response (MDR) technologies.
  • Experience working in a Managed Security Operations or Security Team.
  • Knowledge of ITIL Foundation Framework.
  • Microsoft Security and Compliance including:
  1. Microsoft Purview, IRM, DLP, Insider Risk
  2. Defender for Endpoint
  3. Defender for Office 365
  4. Defender for Identity
  5. Defender for Cloud Apps
  6. Defender for Cloud
  7. Defender XDR
  8. Defender for IoT
  9. Entra ID Identity Protection
  10. Entra ID & Intune
  11. Microsoft Sentinel
  • Experience of CrowdStrike EDR and/or IDP is highly desirable.
  • Knowledge / Experience handling OT Security alerts is desirable.
  • Vulnerability Management tools including Qualys and Nucleus.
  • Security Awareness Training using tools such as KnowBe4.
  • Incident Response Management and Reporting.
  • Desirable to have knowledge of Compliance Frameworks including:
  1. NIST
  2. CMMC
  3. HIPAA
  4. NERC / CIP
  5. PCI
  6. Privacy such as GDPR and SHIELD
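The posting asks for Sentinel KQL rule creation and for tuning thresholds to cut false positives. The query below is an added worked example of that kind of analytic rule, written for this page and not taken from the posting or from ProArch. It assumes the Entra ID `SigninLogs` table is connected to the workspace; the `failure_threshold`, `distinct_ip_floor`, `lookback` values and the `known_egress` allowlist are constructed placeholders that an analyst would tune per client (a watchlist via `_GetWatchlist()` is the production substitute for the inline allowlist).

```kql
// Added example (not from the posting): failed-sign-in analytic rule with tunable thresholds.
// Assumes the Entra ID SigninLogs connector is enabled. Thresholds and allowlist are placeholders.
let lookback = 1h;
let failure_threshold = 10;      // raise for large tenants to reduce false positives
let distinct_ip_floor = 3;       // spray/brute force from several sources trips even at low counts
// Constructed allowlist of a client's known egress IPs; use a Sentinel watchlist in production.
let known_egress = dynamic(["203.0.113.10", "203.0.113.11"]);
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"                        // "0" is a successful sign-in
    | where ResultType !in ("50125", "50140")        // password-reset / keep-signed-in interrupts, not auth failures
    | where IPAddress !in (known_egress)
    | summarize FailedCount = count(),
                DistinctIPs = dcount(IPAddress),
                IPs = make_set(IPAddress, 20),
                Apps = make_set(AppDisplayName, 10),
                FirstFail = min(TimeGenerated),
                LastFail = max(TimeGenerated)
      by UserPrincipalName;
let successes = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | summarize LastSuccess = max(TimeGenerated) by UserPrincipalName;
failures
| where FailedCount >= failure_threshold or DistinctIPs >= distinct_ip_floor
| join kind=leftouter successes on UserPrincipalName
// A success that follows the failure burst is the case worth paging on.
| extend SucceededAfterFailures = isnotnull(LastSuccess) and LastSuccess > LastFail
| extend Severity = iff(SucceededAfterFailures, "High", "Medium")
| project UserPrincipalName, FailedCount, DistinctIPs, IPs, Apps,
          FirstFail, LastFail, LastSuccess, Severity
```

When saved as a scheduled analytic rule, map `UserPrincipalName` to the Account entity and `IPs` to the IP entity so incidents group correctly; the two `let` thresholds and the interrupt-code exclusion are the knobs this role is expected to tune against each client's baseline rather than leaving the defaults.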

REQUIREMENTS:

This position requires that the applicant be a professional leader. ProArch is looking for a candidate who can fulfill the following:

  • Outstanding written, verbal, technical and non-technical communication and presentation skills.
  • Self-directed, with the ability to prioritize and handle SOC operations and alert inflow.
  • Experience in mentoring and guiding a highly technical team.
  • Eager learner who continually improves skill sets, earns certifications, and gains industry knowledge.
  • Skilled in leading a conversation with a client to drive an incident investigation and response.
  • Exceptional analytical skills.
  • 95% of our clients are from the northern USA; a good command of English is a must.

EDUCATION AND CERTIFICATION:

  • Bachelor's degree in Computer Science, Engineering, IT, or Computer Applications, or significant demonstrable experience in IT Security / IT.
  • Must hold at least one of these Microsoft certifications: SC-200, SC-900, AZ-500, SC-300, SC-400.
  • Additional certifications such as CEH, CISSP, CompTIA CySA+, or similar.

Job Overview


Job Function: Other

Job Type: Full Time

Workplace Type: Remote

Experience Level: Associate

Salary: Competitive & Based on Experience

Contact Information


Company about us:

ProArch is a dynamic and innovative company that was founded with a clear vision: to embrace change and pave the way for a more exciting future. We believe that change is not something to be feared, but rather something to be embraced and leveraged for growth and success. As a...

Company Name: ProArch

Recruiting People: HR Department

Website: http://www.proarch.com

Headquarter: Atlanta, GA, USA 30338

Industry: Technology, Information and Internet

Company Size: 201-500 Employees
