Found Description
Key Responsibilities
Alert Triage & Investigation
- Monitor client security environments across SIEM, EDR, email security, and identity platforms throughout assigned shift using Microsoft Sentinel and Defender XDR dashboards.
- Acknowledge, assess, and prioritize incoming security alerts within defined SLA windows; distinguish true positives from false positives using structured triage methodology.
- Conduct end‑to‑end investigation of assigned incidents — correlating signals across log sources, mapping observed behavior to MITRE ATT&CK tactics and techniques, and determining blast radius.
- Execute containment and remediation actions per approved playbooks: host isolation, account disablement, token revocation, firewall rule deployment, and email quarantine.
- Escalate confirmed P1 security incidents to the SOC Manager with a complete investigation package — timeline, affected assets, indicators of compromise (IOCs), and re...