atmosera - Information Security Analyst (Remote - LATAM)
Upload My Resume
Drop here or click to browse · Tap to choose · PDF, DOCX, DOC, RTF, TXT
Requirements
• 1+ years of experience in a Security Operations Center or related security role • Hands-on experience with SIEM platforms (Microsoft Sentinel preferred) • Experience analyzing logs from one or more of the following: • Azure / Entra ID • Microsoft Defender (Endpoint, Identity, Cloud, Office 365) • Windows / Linux systems • Network security tools (firewalls, IDS/IPS) • Cloud Security Posture Management - Defender for Cloud • Basic understanding of incident response processes and frameworks • Strong analytical and investigative skills • Experience with Microsoft security ecosystem: • Microsoft Sentinel • Microsoft Defender XDR • Microsoft Defender for Cloud • Familiarity with KQL for log analysis and threat hunting • Understanding of MITRE ATT&CK framework and common attack techniques • Experience in an MSSP or multi-tenant environment • Relevant certifications: • Microsoft SC-200 (Security Operations Analyst) • CompTIA Security+ or equivalent • ## Competencies and Attributes • Ability to make accurate triage decisions under pressure • Strong written and verbal communication skills • Attention to detail and evidence-based analysis • Ability to follow and improve structured investigation processes • Adaptability in a high-volume, alert-driven environment • ## Work Environment and Expectations • Participation in a 24x7 SOC shift model may be required • Exposure to high-volume alert environments requiring prioritization and efficiency • Collaboration with geographically distributed teams and client stakeholders • Continuous learning and development in Azure security and threat detection • This is a contractor position in the United States with the ability to work from home but may require travel to a client site.
Responsibilities
• Security Monitoring and Alert Triage • Monitor security alerts and incidents in Microsoft Sentinel, Defender XDR, and Defender for Cloud • Triage incoming alerts to determine severity, impact, and required response actions • Differentiate between false positives, benign activity, and actionable threats using established playbooks • Perform continuous monitoring of cloud, identity, endpoint, and network telemetry • Incident Investigation and Response • Investigate suspicious activity across Azure, Entra ID, Microsoft Defender XDR, and integrated data sources • Correlate logs, events, and indicators to establish timelines and determine root cause • Escalate confirmed or high-risk incidents to senior analysts or incident response teams • Execute or recommend containment actions in accordance with defined procedures • Log Analysis and Detection Support • Utilize Kusto Query Language (KQL) and Log Analytics to analyze security data • Correlate events across identity, endpoint, network, and cloud workloads • Identify trends, anomalies, and patterns indicative of malicious activity • Provide input into detection tuning and rule optimization efforts • Documentation and Reporting • Create and maintain detailed, audit-defensible investigation notes and case records • Document all triage decisions, escalation rationale, and response actions • Produce incident summaries and reporting for internal stakeholders and clients • Participate in shift handoffs and maintain continuity of ongoing investigations • Threat Intelligence and Continuous Improvement • Stay informed on emerging threats, vulnerabilities, and attack techniques • Participate in post-incident reviews and contribute to process improvements • Support tuning efforts to reduce false positives and improve detection fidelity • Collaboration and Client Support • Work within a multi-tenant MSSP environment supporting multiple client environments • Collaborate with engineering, incident response, and client-facing teams • Provide clear and professional communication during incident escalations • Support service delivery objectives, SLOs, and operational metrics
No credit card. Takes 10 seconds.