As our Security Analyst, you are the first line of defense for our entire company. This is a critical, hands-on role where you will be the "eyes on the glass," monitoring our systems for threats, triaging alerts, and performing the initial investigation and escalation to our engineers.
What You'll Do:
- Monitor and analyze security alerts from our Microsoft 365 Defender and Microsoft Sentinel platforms.
- Perform initial triage to distinguish false positives from credible threats coming from our endpoints, identities, and cloud applications.
- Investigate and escalate confirmed incidents (e.g., from Defender for Cloud Apps or Purview DLP) to the Security Engineering team.
- Use KQL (Kusto Query Language) to support investigations and hunt for suspicious activity.
- Manage our phishing analysis and reporting process.
What You'll Bring:
- 1-3 years of experience in a Security Operations Center (SOC) or a similar analyst role.
- Hands-on experience with a modern SIEM platform (e.g., Microsoft Sentinel, Splunk, Wazuh).
- A foundational understanding of networking, operating systems, and common cyber attack techniques.
- Required Certification: Microsoft Security Operations Analyst (SC-200).
- Bonus Points: CompTIA CySA+, CompTIA Security+, advanced certs like GIAC (GSEC, GCIA), scripting skills, or Arabic language proficiency.
