Job Description:
• Investigate and respond to escalated security incidents across Microsoft cloud and on-premises environments
• Perform advanced incident analysis using Microsoft Defender suite and Azure Sentinel
• Conduct security assessments of Azure/Microsoft 365 configurations and implement hardening recommendations
• Analyze and respond to advanced Active Directory attacks (Kerberoasting, Pass-the-Hash, Golden Ticket)
• Monitor and investigate Exchange Server logs, email flow patterns, and phishing campaigns
• Analyze federation security including ADFS token-based attacks and SAML token manipulation
• Configure and tune WAF/firewall rule sets and investigate related security incidents
• Develop network segmentation strategies and identify lateral movement attempts
• Develop and maintain incident response playbooks for various attack scenarios
• Coordinate incident response activities with cross-functional teams
Requirements:
• 3-5 years in cybersecurity, including 2+ years of SOC experience
• Deep knowledge of hybrid Microsoft environments (Microsoft 365, Azure, on-premises AD)
• Experience with SIEM platforms and security monitoring tools
• Scripting proficiency (PowerShell, Python)
• Strong analytical and communication skills
• Microsoft Certified: Security Operations Analyst (SC-200)
• One additional security certification: EC-Council CSA, CompTIA Security+, or similar
Benefits:
• CyberSheath is a fully remote organization, and this will be a work-from-home position
• Travel requirements: 0-5% yearly