Cybersecurity Senior Analyst
JOB DESCRIPTION OVERVIEW
The Cybersecurity Senior Analyst supports the delivery of cybersecurity consulting services, with a primary focus on Microsoft security technologies (Microsoft 365, Azure, Microsoft Defender, and Microsoft Sentinel). This role is hands-on in client environments and works closely with consulting leads who manage most client communications. The Senior Analyst executes assigned technical tasks, performs analysis, and produces high-quality documentation and deliverables that consultants use in client presentations and recommendations.
This position is ideal for someone who is comfortable operating independently on defined workstreams (e.g., vulnerability management, security monitoring support, identity reviews, configuration assessments) while still collaborating closely with senior consultants/architects for direction and quality assurance.
POSITION RESPONSIBILITIES
1. Engagement Delivery Support (Consultant-led execution)
Execute scoped technical tasks in client environments under direction of the engagement Consultant/Lead (e.g., configuration exports, evidence capture, running approved scripts/queries, validating settings).
Track assigned tasks, dependencies, and blockers; escalate issues early with proposed options.
Coordinate primarily with internal consulting staff; join select client meetings as needed for technical context or note-taking (client communication typically routed through the Consultant/Lead).
2. Microsoft Identity & Access Management Support (Entra ID / Azure AD)
Perform identity posture reviews: privileged role assignments, admin hygiene, MFA coverage, legacy authentication exposure, risky sign-ins context gathering, and guest/external access posture.
Support Conditional Access initiatives by documenting policy intent, performing impact analysis (who/what is affected), validating implementation results, and capturing evidence.
Assist with access governance activities (e.g., access reviews status, group/role hygiene, application registration/service principal inventory support).
3. Microsoft 365 Email & Collaboration Security Support
Support validation of key M365 security controls such as anti-phishing/anti-spam policy posture, Safe Links/Safe Attachments configuration evidence, and tenant security settings.
Assist with basic domain/email authentication posture checks (SPF/DKIM/DMARC status documentation and recommendations).
Support evidence gathering and documentation for collaboration/data controls (e.g., SharePoint/OneDrive sharing posture, baseline checks) as scoped by the engagement lead.
4. Endpoint & Device Security Support (Defender, SentinelOne, Intune, JAMF)
Validate endpoint security onboarding coverage and basic posture (e.g., sensor health, policy application status, and tamper protection evidence).
Support collection of endpoint investigation context (alert/device timeline exports, event/log context gathering) as permitted by client procedures.
Assist with documenting endpoint hardening gaps and recommended next steps for Consultant review.
5. Security Monitoring Support (Microsoft Sentinel / Microsoft Defender)
Support monitoring operations: incident queue review support, connector health checks, data onboarding validation, and log source verification.
Write, adapt, and run KQL queries to support investigations, reporting, and validation of detections (within defined scope and review processes).
Assist with documentation of analytics rules, triage guidance, escalation criteria, and operational runbooks; propose tuning recommendations based on alert quality/noise.
6. Vulnerability Management & Exposure Support
Coordinate vulnerability scanning (e.g., Tenable/Qualys): scheduling, scope validation, credentialed scan setup (where applicable), and scan quality troubleshooting.
Normalize results, validate false positives, and organize findings into actionable themes for remediation planning.
Maintain remediation trackers, support retesting/closure evidence, and produce executive summaries of metrics and trends.
7. Azure Security Support
Support Azure posture reviews through evidence collection and validation of secure configuration items (e.g., RBAC review inputs, logging/diagnostics settings, resource inventory exports).
Assist with triage/documentation of Microsoft Defender for Cloud recommendations and improvement plans.
Support collection of evidence aligned to secure landing zone principles.
8. Incident Response Support
Support investigations by gathering artifacts/logs, building basic timelines, and documenting actions taken.
Follow defined playbooks and escalation criteria; assist with containment actions only when directed and approved.
Support tabletop exercises and post-incident documentation (lessons learned, playbook updates).
9. Reporting, Deliverables, and Quality Control
Draft findings, evidence narratives, and remediation recommendations for Consultant review.
Build and maintain engagement artifacts (spreadsheets, trackers, diagrams, working papers, dashboards) used in client-ready deliverables.
Perform QA on deliverables and evidence: accuracy checks, consistency, completeness, and professional presentation.
REQUIRED QUALIFICATIONS, SKILLS, AND EXPERIENCE
3-5 years in cybersecurity.
Microsoft 365 administration and security configuration experience.
Experience with PowerShell scripting (module development, Graph API, REST), automation runbooks, and CLI tooling.
Hands-on IAM engineering: Conditional Access, MFA/passwordless, PIM/JIT, RBAC, access reviews, and user lifecycle (joiner/mover/leaver).
Azure and Microsoft security engineering: Sentinel, Defender for Cloud, Microsoft 365 Defender, secure landing zones, logging/monitoring.
Strong analytical and communication skills.
Bachelor’s degree in a relevant field or equivalent experience.
CERTIFICATIONS (Current or within 6 months)
Microsoft Certified: Identity and Access Administrator Associate (SC-300).
Microsoft Certified: Azure Security Engineer Associate (AZ-500).
Strongly preferred: Cybersecurity Architect Expert (SC-100); Security Operations Analyst Associate (SC-200); CompTIA Security+.
ADDITIONAL DESIRED, BUT NOT REQUIRED
Experience integrating CrowdStrike Falcon with Microsoft security tools.
Experience with Infrastructure-as-Code (Bicep/Terraform) and policy (Azure Policy, Defender for Cloud).
Scripting beyond PowerShell (e.g., Python) for data analysis and automation.
Experience with data protection and compliance controls (DLP, Purview).
Priority
This role is open to remote candidates; however, preference will be given to those located in the Durham, NC area.
Please note: This application may be reviewed in part by automated systems to help identify qualified candidates.