SOC Analyst II - Microsoft Security Stack Focus
Industrial Security Integrators (ISI) is actively building a next-generation Security Operations Center (SOC) centered around the Microsoft security ecosystem. As part of our growing cybersecurity team, the SOC Analyst II will play a critical role in maturing our detection capabilities, tuning signal-to-noise ratios, and helping operationalize advanced features in the Microsoft 365 G5 stack.
The SOC Analyst II will be a key member of our cybersecurity operations team, responsible for leveraging Microsoft 365 G5 technologies to hunt, detect, and respond to threats. You will help us build and tune our Microsoft Sentinel SIEM, automate workflows, and strengthen our overall security posture using the Microsoft ecosystem.
Duties/Responsibilities
- Operationalize Microsoft Sentinel as our central SIEM: design, implement, and tune analytics rules, workbooks, automation (Logic Apps), and connectors.
- Manage and maintain Defender for Endpoint, Defender for Identity, Defender for Office 365, and Microsoft Defender Vulnerability Management (MDVM) across client and internal environments.
- Perform advanced alert triage, correlation, and investigation using Microsoft security signals.
- Write, tune, and manage KQL-based detection rules to reduce false positives and improve detection efficacy.
- Utilize Power BI to create clear, informative dashboards for threat visibility and SOC metrics.
- Support threat hunting activities across Microsoft 365 workloads and Azure infrastructure.
- Collaborate with IT and engineering teams to ensure secure configurations of Microsoft Entra ID (formerly Azure AD), including Conditional Access, Identity Protection, and MFA policies.
- Create and maintain detection runbooks, incident response guides, and client-facing artifacts.
- Monitor emerging threats relevant to Microsoft environments and adapt detection logic accordingly.
- Assist in onboarding new MSP clients into our Microsoft-based SOC workflows and toolsets.
Required Qualifications
- 3+ years of experience in a SOC, MDR, or threat detection role.
- Proven hands-on experience with Microsoft Sentinel (KQL, analytic rules, playbooks, incident response workflows).
- Strong knowledge of Microsoft Defender XDR suite: Defender for Endpoint, Identity, Office 365, and MDVM.
- Familiarity with Microsoft Entra ID (formerly Azure AD), Conditional Access, and authentication protocols.
- Comfort with scripting and automation (e.g., PowerShell, Logic Apps, or Sentinel playbooks).
- Experience with Power BI for dashboard creation and reporting.
- Solid understanding of attacker TTPs and frameworks like MITRE ATT&CK.
- Experience supporting clients in multi-tenant or MSP environments.
- Ability to communicate clearly with technical and non-technical stakeholders.
Preferred Qualifications
- Microsoft certifications such as:
  - SC-200: Microsoft Security Operations Analyst
  - SC-100: Microsoft Cybersecurity Architect
  - SC-300: Microsoft Identity and Access Administrator
- Experience in regulated environments (FedRAMP, CMMC, NIST 800-171).
What we offer
- The salary range for this role is $90,000-$110,000
- Hybrid work
- A competitive salary and benefits package
- A casual, friendly, and relaxed work environment
- Professional growth encouragement and support
Industrial Security Integrators, LLC (“IsI”) is an equal opportunity employer committed to affirmative action and diversity in the workplace. It is the policy of IsI to provide Equal Employment Opportunities (EEO) to Employees and Applicants, without regard to race, color, religion, sex, age, marital status, citizenship status, national origin, sexual orientation, gender identity, veteran status or disability or any other factor protected by law and to provide advancement opportunities for minorities, women, disabled individuals, and veterans. IsI is stronger and more effective when our workforce includes highly qualified individuals with diverse backgrounds, cultures, and traditions.