The Timberline Group Company
Security Analyst
The Timberline Group Company, St Louis, Missouri, United States
No C2C - Must reside in the US - Must be authorized to work in the US with NO Sponsorship
The Senior Security Analyst is responsible for monitoring, analyzing, and responding to security threats across a comprehensive security infrastructure. This includes utilizing tools such as Microsoft Sentinel, Defender for Endpoint, Defender for Identity, Defender for Cloud, and Azure Security Center. This role involves leveraging the Unified Security Platform to ensure the protection of the organization's information systems and data.
Key Responsibilities:
• Proactively monitor security events and alerts across the Microsoft Unified Security Platform and conduct investigation, containment, and remediation of complex security incidents, including provide root cause analysis and deliver detailed incident reports with remediation recommendations. • Use Kusto Query Language (KQL) to run regular queries for detecting patterns and anomalies. • Utilize analytics to identify unusual behavior and potential threats, including user and entity behavior analytics (UEBA) using Sentinel. • Correlate alerts from different sources to identify multi-stage attacks. • Regularly review and optimize threat hunting processes to identify and address hidden risks. • Leverage data sources such as network, endpoint, and cloud activity logs in Sentinel to create workbooks and dashboards for real-time monitoring. Additionally, automate responses to alerts using playbooks. • Conduct in-depth log analysis and enrichment to improve event visibility and detection. • Perform real-time threat hunting using MITRE ATT&CK tactics and techniques. • Monitor the effectiveness of endpoint protection policies within Microsoft Defender for Endpoint. • Analyze alerts for false positives/negatives and improve detection accuracy by tuning detection logic. • Conduct periodic reviews of user activity and behavioral analytics to detect insider threats or compromised accounts. • Stay updated on emerging threats and vulnerabilities, applying intelligence to enhance detection capabilities. • Coordinate with internal and external stakeholders to handle critical incidents effectively. • Utilize Microsoft Sentinel's threat intelligence feeds for real-time detection of emerging threats. • Mentor and train junior SOC analysts on Microsoft security tools, techniques, and best practices. • Lead threat simulation exercises and red team/blue team drills to assess SOC readiness. • Assist in creating and updating SOC documentation, including detection rules, runbooks, and workflows. • Create and manage incident response playbooks using Logic Apps for automated actions. • Provide recommendations for maturing SOC capabilities, leveraging Microsoft solutions.
Qualifications and Skills:
Technical Skills: • Experience in Microsoft Unified Security Platform: - Microsoft Sentinel (SIEM) - Microsoft Defender for Endpoint, Identity, and Cloud - Azure Security Center and related tools. • Experience with KQL (Kusto Query Language) for advanced log and data analysis. • Experience with forensic investigation, malware analysis, and memory forensics. • In-depth knowledge of incident detection and response workflows. • Familiarity with automation tools like PowerShell and Azure Logic Apps. • Strong understanding of security frameworks, including MITRE ATT&CK and NIST
Soft Skills: • Strong analytical and problem-solving abilities. • Excellent communication and collaboration skills. • Ability to work under pressure and manage multiple priorities. • Leadership and mentoring capabilities.
Professional Experience: • 5+ years of experience in cybersecurity, with at least 3 years specializing in SOC operations. • Proven expertise in using Microsoft security tools to handle complex security challenges.
Certifications (Preferred): • Microsoft Certified: Security Operations Analyst Associate • Certified Information Systems Security Professional (CISSP) or similar. • Certified Incident Handler (GCIH) or similar. Job Posting Start Date: 02/10/2025 Job Posting End Date: 02/09/2026 Solution Sector: Group 98 Location: Remote Onshore Physical Address: Minnesota
The Timberline Group
Phone: 636-209-5537
623 Missouri Ave #104, Sullivan, Mo 63080
www.timberlinegrp.com
resumes@timberlinegrp.com
"Delivering quality solutions through quality people"
The Senior Security Analyst is responsible for monitoring, analyzing, and responding to security threats across a comprehensive security infrastructure. This includes utilizing tools such as Microsoft Sentinel, Defender for Endpoint, Defender for Identity, Defender for Cloud, and Azure Security Center. This role involves leveraging the Unified Security Platform to ensure the protection of the organization's information systems and data.
Key Responsibilities:
• Proactively monitor security events and alerts across the Microsoft Unified Security Platform and conduct investigation, containment, and remediation of complex security incidents, including provide root cause analysis and deliver detailed incident reports with remediation recommendations. • Use Kusto Query Language (KQL) to run regular queries for detecting patterns and anomalies. • Utilize analytics to identify unusual behavior and potential threats, including user and entity behavior analytics (UEBA) using Sentinel. • Correlate alerts from different sources to identify multi-stage attacks. • Regularly review and optimize threat hunting processes to identify and address hidden risks. • Leverage data sources such as network, endpoint, and cloud activity logs in Sentinel to create workbooks and dashboards for real-time monitoring. Additionally, automate responses to alerts using playbooks. • Conduct in-depth log analysis and enrichment to improve event visibility and detection. • Perform real-time threat hunting using MITRE ATT&CK tactics and techniques. • Monitor the effectiveness of endpoint protection policies within Microsoft Defender for Endpoint. • Analyze alerts for false positives/negatives and improve detection accuracy by tuning detection logic. • Conduct periodic reviews of user activity and behavioral analytics to detect insider threats or compromised accounts. • Stay updated on emerging threats and vulnerabilities, applying intelligence to enhance detection capabilities. • Coordinate with internal and external stakeholders to handle critical incidents effectively. • Utilize Microsoft Sentinel's threat intelligence feeds for real-time detection of emerging threats. • Mentor and train junior SOC analysts on Microsoft security tools, techniques, and best practices. • Lead threat simulation exercises and red team/blue team drills to assess SOC readiness. • Assist in creating and updating SOC documentation, including detection rules, runbooks, and workflows. • Create and manage incident response playbooks using Logic Apps for automated actions. • Provide recommendations for maturing SOC capabilities, leveraging Microsoft solutions.
Qualifications and Skills:
Technical Skills: • Experience in Microsoft Unified Security Platform: - Microsoft Sentinel (SIEM) - Microsoft Defender for Endpoint, Identity, and Cloud - Azure Security Center and related tools. • Experience with KQL (Kusto Query Language) for advanced log and data analysis. • Experience with forensic investigation, malware analysis, and memory forensics. • In-depth knowledge of incident detection and response workflows. • Familiarity with automation tools like PowerShell and Azure Logic Apps. • Strong understanding of security frameworks, including MITRE ATT&CK and NIST
Soft Skills: • Strong analytical and problem-solving abilities. • Excellent communication and collaboration skills. • Ability to work under pressure and manage multiple priorities. • Leadership and mentoring capabilities.
Professional Experience: • 5+ years of experience in cybersecurity, with at least 3 years specializing in SOC operations. • Proven expertise in using Microsoft security tools to handle complex security challenges.
Certifications (Preferred): • Microsoft Certified: Security Operations Analyst Associate • Certified Information Systems Security Professional (CISSP) or similar. • Certified Incident Handler (GCIH) or similar. Job Posting Start Date: 02/10/2025 Job Posting End Date: 02/09/2026 Solution Sector: Group 98 Location: Remote Onshore Physical Address: Minnesota
The Timberline Group
Phone: 636-209-5537
623 Missouri Ave #104, Sullivan, Mo 63080
www.timberlinegrp.com
resumes@timberlinegrp.com
"Delivering quality solutions through quality people"