Pivotal Consulting · 2 months ago
Microsoft Security Operations Center (SOC) Analyst
Pivotal Consulting is a technology management consulting firm that specializes in helping Fortune 500 companies improve their performance. They are seeking a highly skilled Microsoft Security Operations Center (SOC) Analyst to focus on advanced threat detection, assessment, and validating outputs from security AI and machine learning models.
Cloud Management · Management Consulting · Project Management · Staffing Agency
Responsibilities
AI/ML Validation and Refinement: Act as the human-in-the-loop, responsible for tagging, grading, and labeling security data and outcomes generated by AI/ML detection models (e.g., from Microsoft Sentinel, Defender). Provide feedback to data scientists and engineers to continuously improve model accuracy and reduce false positives
Expert Threat Hunting: Proactively and systematically hunt for sophisticated threats across the environment using advanced methodologies. Develop, document, and execute complex threat-hunting queries using KQL (Kusto Query Language) over the Microsoft data lake and Azure security tables (e.g., security events, network flows, process executions)
Incident Response and Triage: Serve as an escalation point for complex security alerts. Conduct in-depth analysis of incidents, determine the scope of compromise, and provide clear, actionable containment and remediation recommendations
Data Expertise and Schema Mastery: Maintain expert-level knowledge of Microsoft's security data schemas, including tables within Azure Sentinel/Log Analytics (SecurityEvent, SigninLogs, DeviceProcessEvents, etc.) and the wider Microsoft 365 Defender suite
Content Development: Develop high-fidelity custom detection rules, watchlists, hunting queries, and automated playbooks within the Microsoft Sentinel platform
Reporting and Communication: Prepare detailed reports on emerging threats, hunting activities, and the performance metrics of AI models for security leadership and engineering teams
Process Improvement: Identify gaps in current monitoring, detection, and response capabilities and propose solutions to enhance the overall security posture
Qualifications
Required
Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience
Minimum of 5 years of experience working in a Security Operations Center (SOC), Threat Intelligence, or Incident Response role
Security Data Proficiency (Expert): Deep understanding of security data types, sources, and log structures necessary for effective analysis and hunting (Windows events, network data, endpoint telemetry, cloud audit logs)
KQL Mastery: Advanced, proven expertise in KQL is mandatory, including the ability to write complex, performant, and multi-stage queries (e.g., using join, mv-expand, make_list, bag_unpack) to extract insights from massive datasets
Microsoft Security Stack Experience: Extensive hands-on experience with Microsoft's unified security platforms, including Microsoft Sentinel (SIEM/SOAR), Microsoft 365 Defender (Endpoint, Identity, Cloud Apps), Azure Security Center/Defender for Cloud
Threat Hunting Methodology: Solid understanding of MITRE ATT&CK framework and experience applying hypothesis-driven hunting techniques
Analytical Abilities: Exceptional critical thinking and analytical skills to quickly synthesize data and draw accurate conclusions under pressure
Preferred
Relevant industry certifications such as GIAC GCTI, GIAC GCFA, Microsoft SC-200 (Security Operations Analyst Associate), or equivalent
Benefits
Medical, dental and vision insurance
401k
Paid time off
Company
Pivotal Consulting
Pivotal Consulting provides strategy development, system selection, project management, staffing, business analysis, and cloud services.
Funding
Current Stage
Early Stage
Company data provided by Crunchbase