Job Description

Atmosera empowers businesses to redefine what’s possible with modern technology and human expertise. Our exceptional experience across Applications, Data & AI, DevOps, Security, and the Microsoft Azure platform enables organizations to accelerate innovation, enhance security, and optimize operational agility. As a Microsoft Partner with seven specializations, GitHub AI Partner of the Year, a member of the GitHub Advisory Board, and a member of the prestigious Microsoft Intelligent Security Association (MISA), Atmosera expertly delivers cutting-edge, integrated solutions that deliver business value.

As a Security Analyst, you will join a team of cybersecurity professionals delivering proactive Managed Security and Managed Governance services. In this role, you’ll help safeguard our clients’ environments by identifying vulnerabilities, deploying effective protective measures, and working collaboratively to mitigate risks while ensuring compliance with industry standards and regulations. The ideal candidate is highly analytical, possesses hands-on experience with Microsoft security solutions, and is passionate about staying ahead of emerging cyber threats.

Key Responsibilities

Security Monitoring and Alert Triage

Monitor security alerts and incidents in Microsoft Sentinel, Defender XDR, and Defender for Cloud
Triage incoming alerts to determine severity, impact, and required response actions
Differentiate between false positives, benign activity, and actionable threats using established playbooks
Perform continuous monitoring of cloud, identity, endpoint, and network telemetry

Incident Investigation and Response

Investigate suspicious activity across Azure, Entra ID, Microsoft Defender XDR, and integrated data sources
Correlate logs, events, and indicators to establish timelines and determine root cause
Escalate confirmed or high-risk incidents to senior analysts or incident response teams
Execute or recommend containment actions in accordance with defined procedures

Log Analysis and Detection Support

Utilize Kusto Query Language (KQL) and Log Analytics to analyze security data
Correlate events across identity, endpoint, network, and cloud workloads
Identify trends, anomalies, and patterns indicative of malicious activity
Provide input into detection tuning and rule optimization efforts

Documentation and Reporting

Create and maintain detailed, audit-defensible investigation notes and case records
Document all triage decisions, escalation rationale, and response actions
Produce incident summaries and reporting for internal stakeholders and clients
Participate in shift handoffs and maintain continuity of ongoing investigations

Threat Intelligence and Continuous Improvement

Stay informed on emerging threats, vulnerabilities, and attack techniques
Apply threat intelligence to contextualize alerts and improve detection accuracy
Participate in post-incident reviews and contribute to process improvements
Support tuning efforts to reduce false positives and improve detection fidelity

Collaboration and Client Support

Work within a multi-tenant MSSP environment supporting multiple client environments
Collaborate with engineering, incident response, and client-facing teams
Provide clear and professional communication during incident escalations
Support service delivery objectives, SLOs, and operational metrics

Required Qualifications

1+ years of experience in a Security Operations Center or related security role
Hands-on experience with SIEM platforms (Microsoft Sentinel preferred)
Experience analyzing logs from one or more of the following:
- Azure / Entra ID
- Microsoft Defender (Endpoint, Identity, Cloud, Office 365)
- Windows / Linux systems
- Network security tools (firewalls, IDS/IPS)
- Cloud Security Posture Management - Defender for Cloud
Basic understanding of incident response processes and frameworks
Strong analytical and investigative skills

Preferred Qualifications

Experience with Microsoft security ecosystem:
- Microsoft Sentinel
- Microsoft Defender XDR
- Microsoft Defender for Cloud
Familiarity with KQL for log analysis and threat hunting
Understanding of MITRE ATT&CK framework and common attack techniques
Experience in an MSSP or multi-tenant environment
Relevant certifications:
- Microsoft SC-200 (Security Operations Analyst)
- CompTIA Security+ or equivalent

Competencies and Attributes

Ability to make accurate triage decisions under pressure
Strong written and verbal communication skills
Attention to detail and evidence-based analysis
Ability to follow and improve structured investigation processes
Adaptability in a high-volume, alert-driven environment

Work Environment and Expectations

Participation in a 24x7 SOC shift model may be required
Exposure to high-volume alert environments requiring prioritization and efficiency
Collaboration with geographically distributed teams and client stakeholders
Continuous learning and development in Azure security and threat detection

This is a contractor position in the United States with the ability to work from home but may require travel to a client site.

Atmosera is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. All employment is decided on the basis of qualifications, merit, and business need.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.