Cybersecurity Operations Analyst I bei Neo Systems Corp

Summary:

The Cybersecurity Operations Analyst I (COA 1) is responsible for the initial triage and monitoring of security events, working exclusively in Microsoft 365 E5 environments, and helping to enforce CMMC 2.0 requirements. COA 1 will work alongside senior analysts and engineers to identify suspicious activity, validate alerts, and support incident response workflows.

Role and Responsibilities:

Monitoring and triage

• Monitor alerts and notifications from Microsoft 365 Defender suite:
• Defender for Endpoint
• Defender for Office 365
• Defender for Cloud Apps (MCAS)
• Defender for Identity (formerly ATA)
• Microsoft Defender XDR
• Monitor for alerts from other alerting sources (such as external or outsourced Security Operations Center).
• Perform initial triage of security alerts, determine false positives, and escalate true positives based on playbook criteria.
• Review and classify incidents in Microsoft Sentinel or third-party SIEM tools according to severity and SLA guidelines.
• Manage security operations tasks and assignments in ticketing system.

Incident handling and response support

• Assist senior analysts during active incidents by collecting logs, screenshots, and device/user activity history.
• Document timelines, observations, and artifacts to support root cause analysis and reporting.
• Conduct follow-up on low-risk alerts and phishing investigations (possibly with supervised guidance).

Customer interaction and ticket management

• Document findings and updates in the SOC ticketing system with accuracy and clarity.
• Respond to basic client inquiries related to user behavior, alert definitions, or mitigation steps under supervision.
• Follow documented workflows to support CMMC 2.0 incident response requirements, including reporting timelines and evidence handling.

Platform maintenance and log health

• Review and report on log ingestion health from Defender, Entra ID, and endpoint agents across customer tenants as required.
• Assist in onboarding new clients to SOC monitoring tools and validating telemetry and log collection flows.
• Identify noisy or misconfigured alert rules and report recommendations to senior analysts.
• Assist in gathering and assembling audit evidence to support compliance assessments.

Vulnerability and patch management

• Manage operating system and third-party software patching cycles for customer environments.
• Prioritize and manage vulnerability remediation in coordination with infrastructure teams and customer needs.
• Leverage Microsoft Defender Vulnerability Management (MDVM) and MDE APIs for continuous hygiene improvement.

Qualifications:

·        1–2 years of experience in IT support, help desk, cybersecurity, or SOC environment (or relevant degree with internship/entry-level experience).

·        Familiarity with Windows event logs, Microsoft 365 audit logs, and endpoint activity.

·        Basic understanding of cybersecurity concepts, attack vectors, and threat modeling.

·        Comfortable with Microsoft 365 environments and cloud-native tooling.

·        Strong written communication skills for documentation and customer updates.

·        Security+ or SC-900 certification

·        Must be a U.S. citizen eligible for ITAR-compliant work.

Preferred Skills:

·        Exposure to Microsoft Defender XDR

·        Microsoft SC-100 or SC-200 certification

·        Understanding of CMMC and NIST 800-171 requirements

·        Knowledge of the MITRE ATT&CK framework

Additional Notes

·        Ability to travel

  
EOE M/F/D/V