
Cybersecurity Operations Analyst I at Neo Systems Corp

Neo Systems Corp · Reston, United States of America · Onsite

$60,000.00 - $78,000.00


Summary:

The Cybersecurity Operations Analyst I (COA 1) is responsible for the initial triage and monitoring of security events, working exclusively in Microsoft 365 E5 environments, and helping to enforce CMMC 2.0 requirements. COA 1 will work alongside senior analysts and engineers to identify suspicious activity, validate alerts, and support incident response workflows.


Role and Responsibilities:

Monitoring and triage

  • Monitor alerts and notifications from the Microsoft Defender XDR suite (formerly Microsoft 365 Defender), including:
    • Defender for Endpoint
    • Defender for Office 365
    • Defender for Cloud Apps (formerly Microsoft Cloud App Security, MCAS)
    • Defender for Identity (formerly Azure ATP)
  • Monitor alerts from other alerting sources (such as an external or outsourced Security Operations Center).
  • Perform initial triage of security alerts, determine false positives, and escalate true positives based on playbook criteria.
  • Review and classify incidents in Microsoft Sentinel or third-party SIEM tools according to severity and SLA guidelines.
  • Manage security operations tasks and assignments in ticketing system.

Incident handling and response support

  • Assist senior analysts during active incidents by collecting logs, screenshots, and device/user activity history.
  • Document timelines, observations, and artifacts to support root cause analysis and reporting.
  • Conduct follow-up on low-risk alerts and phishing investigations (possibly with supervised guidance).

Customer interaction and ticket management

  • Document findings and updates in the SOC ticketing system with accuracy and clarity.
  • Respond to basic client inquiries related to user behavior, alert definitions, or mitigation steps under supervision.
  • Follow documented workflows to support CMMC 2.0 incident response requirements, including reporting timelines and evidence handling.

Platform maintenance and log health

  • Review and report on log ingestion health from Defender, Entra ID, and endpoint agents across customer tenants as required.
  • Assist in onboarding new clients to SOC monitoring tools and validating telemetry and log collection flows.
  • Identify noisy or misconfigured alert rules and report recommendations to senior analysts.
  • Assist in gathering and assembling audit evidence to support compliance assessments.

Vulnerability and patch management

  • Manage operating system and third-party software patching cycles for customer environments.
  • Prioritize and manage vulnerability remediation in coordination with infrastructure teams and customer needs.
  • Leverage Microsoft Defender Vulnerability Management (MDVM) and MDE APIs for continuous hygiene improvement.


Qualifications:

  • 1–2 years of experience in IT support, help desk, cybersecurity, or a SOC environment (or a relevant degree with internship or entry-level experience).
  • Familiarity with Windows event logs, Microsoft 365 audit logs, and endpoint activity.
  • Basic understanding of cybersecurity concepts, attack vectors, and threat modeling.
  • Comfortable with Microsoft 365 environments and cloud-native tooling.
  • Strong written communication skills for documentation and customer updates.
  • Security+ or SC-900 certification.
  • Must be a U.S. citizen eligible for ITAR-compliant work.


Preferred Skills:

  • Exposure to Microsoft Defender XDR
  • Microsoft SC-100 or SC-200 certification
  • Understanding of CMMC and NIST SP 800-171 requirements
  • Knowledge of the MITRE ATT&CK framework


Additional Notes

  • Ability to travel

EOE M/F/D/V
