Pivotal Consulting

Microsoft Security Operations Center (SOC) Analyst

Pivotal Consulting, Seattle, Washington, US, 98127


Microsoft Security Operations Center (SOC) Analyst

Seattle, WA (Contract W2 Hourly, Hybrid)

We are seeking a highly skilled and experienced Microsoft Security Operations Center (SOC) Analyst to join our dedicated technology solutions team. This role is a specialized position focused on advanced threat detection, assessment, and the critical function of validating and grading outputs from our security AI and machine learning models.

What you will do:

AI/ML Validation and Refinement: Act as the human-in-the-loop, responsible for tagging, grading, and labeling security data and outcomes generated by AI/ML detection models (e.g., from Microsoft Sentinel, Defender). Provide feedback continuously to improve model accuracy and reduce false positives.

Expert Threat Hunting: Proactively hunt for sophisticated threats across the environment using advanced methodologies. Develop, document, and execute complex threat-hunting queries using KQL over the Microsoft data lake and Azure security tables (e.g., security events, network flows, process executions).

Incident Response and Triage: Serve as an escalation point for complex security alerts. Conduct in-depth analysis of incidents, determine the scope of compromise, and provide clear, actionable containment recommendations.

Data Expertise and Schema Mastery: Maintain expert-level knowledge of Microsoft's security data schemas, including tables within Azure Sentinel/Log Analytics (SecurityEvent, SigninLogs, DeviceProcessEvents) and Microsoft 365 Defender suite.

Content Development: Develop high-fidelity custom detection rules, watchlists, hunting queries, and automated playbooks within the Microsoft Sentinel platform.

Reporting and Communication: Prepare detailed reports on emerging threats, hunting activities, and AI model performance metrics for security leadership and engineering teams.

Process Improvement: Identify gaps in current monitoring, detection, and response capabilities and propose solutions to enhance overall security posture.

What makes you a good fit:

Bachelor's degree in Computer Science, Information Security, or related field, or equivalent practical experience.

Minimum of 5 years of experience working in a Security Operations Center (SOC), Threat Intelligence, or Incident Response role.

Security Data Proficiency (Expert): Deep understanding of security data types, sources, and log structures necessary for effective analysis and hunting.

KQL Mastery: Proven advanced expertise in KQL is mandatory, including the ability to write complex, performant, multi-stage queries (e.g., using join, mv-expand, make_list, bag_unpack) to extract insights from massive datasets.

Microsoft Security Stack Experience: Extensive hands-on experience with Microsoft's unified security platforms, including Microsoft Sentinel (SIEM/SOAR), Microsoft 365 Defender (Endpoint, Identity, Cloud Apps), Azure Security Center/Defender for Cloud.

Threat Hunting Methodology: Solid understanding of the MITRE ATT&CK framework and experience applying hypothesis-driven hunting techniques.

Analytical Abilities: Exceptional critical thinking and analytical skills to synthesize data and draw conclusions under pressure.

Certifications (Preferred): Relevant industry certifications such as GIAC GCTI, GIAC GCFA, Microsoft SC-200 (Security Operations Analyst Associate), or equivalent.

Compensation, Diversity and Benefit Information:

The pay range for this position in Washington is $50 - $80/hr; however, base pay offered may vary depending on job-related knowledge, skills, candidate location, and experience.

Pivotal Consulting is committed to creating and supporting a diverse and inclusive team and serving all communities. All qualified applicants will be considered for employment regardless of race, gender, gender identity or expression, sexual orientation, religion, national origin, disability, age or veteran status.

Pivotal Consulting offers a comprehensive benefit package, including medical, dental and vision insurance, 401k, and paid time off.
