IsI Enterprises LLC
SOC Analyst II - Microsoft Security Stack Focus
IsI Enterprises LLC, Herndon, Virginia, United States, 22070
Location: Hybrid - Lorton, VA

Clearance: U.S. Citizenship required; active clearance preferred, or the ability to obtain one. On the first day of employment, candidates must visit HQ (compensated) to pick up equipment and complete in-person I-9 verification.

About the Role

Industrial Security Integrators (ISI) is actively building a next-generation Security Operations Center (SOC) centered on the Microsoft security ecosystem. As part of our growing cybersecurity team, the SOC Analyst II will play a critical role in maturing our detection capabilities, tuning signal-to-noise ratios, and helping operationalize advanced features in the Microsoft 365 G5 stack. The SOC Analyst II will be a key member of our cybersecurity operations team, responsible for leveraging Microsoft 365 G5 technologies to hunt, detect, and respond to threats. You will help us build and tune our Microsoft Sentinel SIEM, automate workflows, and strengthen our overall security posture using the Microsoft ecosystem.

Key Responsibilities

- Operationalize Microsoft Sentinel as our central SIEM: design, implement, and tune analytics rules, workbooks, automation (Logic Apps), and data connectors.
- Manage and maintain Defender for Endpoint, Defender for Identity, Defender for Office 365, and Microsoft Defender Vulnerability Management (MDVM) across client and internal environments.
- Perform advanced alert triage, correlation, and investigation using Microsoft security signals.
- Write, tune, and manage KQL-based detection rules to reduce false positives and improve detection efficacy.
- Use Power BI to build clear, informative dashboards for threat visibility and SOC metrics.
- Support threat hunting across Microsoft 365 workloads and Azure infrastructure.
- Collaborate with IT and engineering teams to ensure secure configuration of Microsoft Entra ID (formerly Azure AD), including Conditional Access, Identity Protection, and MFA policies.
- Create and maintain detection runbooks, incident response guides, and client-facing artifacts.
- Monitor emerging threats relevant to Microsoft environments and adapt detection logic accordingly.
- Assist in onboarding new MSP clients into our Microsoft-based SOC workflows and toolsets.

Required Qualifications

- 3+ years of experience in a SOC, MDR, or threat detection role.
- Proven hands-on experience with Microsoft Sentinel (KQL, analytics rules, playbooks, incident response workflows).
- Strong knowledge of the Microsoft Defender XDR suite: Defender for Endpoint, Defender for Identity, Defender for Office 365, and MDVM.
- Familiarity with Microsoft Entra ID (formerly Azure AD), Conditional Access, and authentication protocols.
- Comfort with scripting and automation (e.g., PowerShell, Logic Apps, or Sentinel playbooks).
- Experience with Power BI for dashboard creation and reporting.
- Solid understanding of attacker TTPs and frameworks such as MITRE ATT&CK.
- Experience supporting clients in multi-tenant or MSP environments.
- Ability to communicate clearly with technical and non-technical stakeholders.

Preferred Qualifications

- Microsoft certifications such as:
  - SC-200: Microsoft Security Operations Analyst
  - SC-100: Microsoft Cybersecurity Architect
  - SC-300: Microsoft Identity and Access Administrator
- Experience in regulated environments (FedRAMP, CMMC, NIST SP 800-171).

Why ISI?

At ISI, we're building a modern SOC from the ground up using the Microsoft security stack, including Sentinel, Defender, and Entra. This is a high-impact role where you'll help shape our detection and response capabilities, support both internal and MSP environments, and work with FedRAMP-authorized tools in a mission-driven setting. If you're ready to go beyond alert triage and truly build, tune, and lead with Microsoft technologies, this is the place.