StaffAttract
Cybersecurity Senior Analyst

Creo - Durham, NC


Job Description

JOB DESCRIPTION OVERVIEW

The Cybersecurity Senior Analyst supports the delivery of cybersecurity consulting services, with a primary focus on Microsoft security technologies (Microsoft 365, Azure, Microsoft Defender, and Microsoft Sentinel). This role is hands-on in client environments and works closely with consulting leads who manage most client communications. The Senior Analyst executes assigned technical tasks, performs analysis, and produces high-quality documentation and deliverables that consultants use in client presentations and recommendations.

This position is ideal for someone who is comfortable operating independently on defined workstreams (e.g., vulnerability management, security monitoring support, identity reviews, configuration assessments) while still collaborating closely with senior consultants/architects for direction and quality assurance.

POSITION RESPONSIBILITIES

1. Engagement Delivery Support (Consultant-led execution)
+ Execute scoped technical tasks in client environments under direction of the engagement Consultant/Lead (e.g., configuration exports, evidence capture, running approved scripts/queries, validating settings).
+ Track assigned tasks, dependencies, and blockers; escalate issues early with proposed options.
+ Coordinate primarily with internal consulting staff; join select client meetings as needed for technical context or note-taking (client communication typically routed through the Consultant/Lead).

2. Microsoft Identity & Access Management Support (Entra ID / Azure AD)
+ Perform identity posture reviews: privileged role assignments, admin hygiene, MFA coverage, legacy authentication exposure, risky sign-ins context gathering, and guest/external access posture.
+ Support Conditional Access initiatives by documenting policy intent, performing impact analysis (who/what is affected), validating implementation results, and capturing evidence.
+ Assist with access governance activities (e.g., access reviews status, group/role hygiene, application registration/service principal inventory support).

3. Microsoft 365 Email & Collaboration Security Support
+ Support validation of key M365 security controls such as anti-phishing/anti-spam policy posture, Safe Links/Safe Attachments configuration evidence, and tenant security settings.
+ Assist with basic domain/email authentication posture checks (SPF/DKIM/DMARC status documentation and recommendations).
+ Support evidence gathering and documentation for collaboration/data controls (e.g., SharePoint/OneDrive sharing posture, baseline checks) as scoped by the engagement lead.

4. Endpoint & Device Security Support (Defender, SentinelOne, Intune, JAMF)
+ Validate endpoint security onboarding coverage and basic posture (e.g., sensor health, policy application status, and tamper protection evidence).
+ Support collection of endpoint investigation context (alert/device timeline exports, event/log context gathering) as permitted by client procedures.
+ Assist with documenting endpoint hardening gaps and recommended next steps for Consultant review.

5. Security Monitoring Support (Microsoft Sentinel / Microsoft Defender)
+ Support monitoring operations: incident queue review support, connector health checks, data onboarding validation, and log source verification.
+ Write, adapt, and run KQL queries to support investigations, reporting, and validation of detections (within defined scope and review processes).
+ Assist with documentation of analytics rules, triage guidance, escalation criteria, and operational runbooks; propose tuning recommendations based on alert quality/noise.

6. Vulnerability Management & Exposure Support
+ Coordinate vulnerability scanning (e.g., Tenable/Qualys): scheduling, scope validation, credentialed scan setup (where applicable), and scan quality troubleshooting.
+ Normalize results, validate false positives, and organize findings into actionable themes for remediation planning.
+ Maintain remediation trackers, support retesting/closure evidence, and produce executive summaries of metrics and trends.

7. Azure Security Support
+ Support Azure posture reviews through evidence collection and validation of secure configuration items (e.g., RBAC review inputs, logging/diagnostics settings, resource inventory exports).
+ Assist with triage/documentation of Microsoft Defender for Cloud recommendations and improvement plans.
+ Support collection of evidence aligned to secure landing zone principles.

8. Incident Response Support
+ Support investigations by gathering artifacts/logs, building basic timelines, and documenting actions taken.
+ Follow defined playbooks and escalation criteria; assist with containment actions only when directed and approved.
+ Support tabletop exercises and post-incident documentation (lessons learned, playbook updates).

9. Reporting, Deliverables, and Quality Control
+ Draft findings, evidence narratives, and remediation recommendations for Consultant review.
+ Build and maintain engagement artifacts (spreadsheets, trackers, diagrams, working papers, dashboards) used in client-ready deliverables.
+ Perform QA on deliverables and evidence: accuracy checks, consistency, completeness, and professional presentation.

REQUIRED QUALIFICATIONS, SKILLS, AND EXPERIENCE

+ 3-5 years in cybersecurity.
+ Microsoft 365 administration and security configuration experience.
+ Experience with PowerShell scripting (module development, Graph API, REST), automation runbooks, and CLI tooling.
+ Hands-on IAM engineering: Conditional Access, MFA/passwordless, PIM/JIT, RBAC, access reviews, and user lifecycle (joiner/mover/leaver).
+ Azure and Microsoft security engineering: Sentinel, Defender for Cloud, Microsoft 365 Defender, secure landing zones, logging/monitoring.
+ Strong analytical and communication skills.
+ Bachelor’s degree in a relevant field or equivalent experience.

CERTIFICATIONS (Current or within 6 months)

+ Microsoft Certified: Identity and Access Administrator Associate (SC-300).
+ Microsoft Certified: Azure Security Engineer Associate (AZ-500).
+ Strongly preferred: Cybersecurity Architect Expert (SC-100); Security Operations Analyst Associate (SC-200); CompTIA Security+.

ADDITIONAL DESIRED, BUT NOT REQUIRED

+ Experience integrating CrowdStrike Falcon with Microsoft security tools.
+ Experience with Infrastructure-as-Code (Bicep/Terraform) and policy (Azure Policy, Defender for Cloud).
+ Scripting beyond PowerShell (e.g., Python) for data analysis and automation.
+ Experience with data protection and compliance controls (DLP, Purview).

Priority

+ This role is open to remote candidates; however, preference will be given to those located in the Durham, NC area.

Please note: This application may be reviewed in part by automated systems to help identify qualified candidates.

Created: 2026-02-09
