ISI Enterprises is seeking a SOC Analyst II with a focus on the Microsoft security stack to enhance their cybersecurity operations. This hybrid role in Herndon, Virginia involves threat detection, response, and operationalizing Microsoft Sentinel.
Location: Hybrid – Lorton, VA
Clearance: U.S. Citizenship required; Active Clearance preferred or ability to obtain.
On the first day of employment, candidates must visit HQ (compensated) to pick up equipment and complete in-person I-9 verification.

About the Role

Industrial Security Integrators (ISI) is actively building a next-generation Security Operations Center (SOC) centered around the Microsoft security ecosystem. As part of our growing cybersecurity team, the SOC Analyst II will play a critical role in maturing our detection capabilities, tuning signal-to-noise ratios, and helping operationalize advanced features in the Microsoft 365 G5 stack.

The SOC Analyst II will be a key member of our cybersecurity operations team, responsible for leveraging Microsoft 365 G5 technologies to hunt, detect, and respond to threats. You will help us build and tune our Microsoft Sentinel SIEM, automate workflows, and strengthen our overall security posture using the Microsoft ecosystem.

Key Responsibilities

• Operationalize Microsoft Sentinel as our central SIEM: design, implement, and tune analytics rules, workbooks, automation (Logic Apps), and connectors.
• Manage and maintain Defender for Endpoint, Defender for Identity, Defender for Office 365, and Microsoft Defender Vulnerability Management (MDVM) across client and internal environments.
• Perform advanced alert triage, correlation, and investigation using Microsoft security signals.
• Write, tune, and manage KQL-based detection rules to reduce false positives and improve detection efficacy.
• Utilize Power BI to create clear, informative dashboards for threat visibility and SOC metrics.
• Support threat hunting activities across Microsoft 365 workloads and Azure infrastructure.
• Collaborate with IT and engineering teams to ensure secure configurations of Microsoft Entra ID (formerly Azure AD) including Conditional Access, Identity Protection, and MFA policies.
• Create and maintain detection runbooks, incident response guides, and client-facing artifacts.
• Monitor emerging threats relevant to Microsoft environments and adapt detection logic accordingly.
• Assist in onboarding new MSP clients into our Microsoft-based SOC workflows and toolsets.

Required Qualifications

• 3+ years of experience in a SOC, MDR, or threat detection role.
• Proven hands-on experience with Microsoft Sentinel (KQL, analytic rules, playbooks, incident response workflows).
• Strong knowledge of Microsoft Defender XDR suite: Defender for Endpoint, Identity, Office 365, and MDVM.
• Familiarity with Microsoft Entra ID (formerly Azure AD), Conditional Access, and authentication protocols.
• Comfort with scripting and automation (e.g., PowerShell, Logic Apps, or Sentinel playbooks).
• Experience with Power BI for dashboard creation and reporting.
• Solid understanding of attacker TTPs and frameworks like MITRE ATT&CK.
• Experience supporting clients in multi-tenant or MSP environments.
• Ability to communicate clearly with technical and non-technical stakeholders.

Preferred Qualifications

• Microsoft certifications such as:
  • SC-200: Microsoft Security Operations Analyst
  • SC-100: Microsoft Cybersecurity Architect
  • SC-300: Identity and Access Administrator
• Experience in regulated environments (FedRAMP, CMMC, NIST 800-171).

Why ISI?

At ISI, we're building a modern SOC from the ground up using the Microsoft security stack, including Sentinel, Defender, and Entra. This is a high-impact role where you'll help shape our detection and response capabilities, support both internal and MSP environments, and work with FedRAMP-authorized tools in a mission-driven setting. If you're ready to go beyond alert triage and truly build, tune, and lead with Microsoft technologies — this is the place.
Microsoft is seeking a Security Analyst II to enhance its security team, focusing on protecting customers from various threats through effective investigations. The role involves analyzing data, conducting threat research, and improving incident response capabilities.
Ascot Group is seeking a Cybersecurity Defense SOC Analyst (L2) to enhance their 24x7 Cybersecurity Defense function in Chicago. The role involves investigating security incidents, improving detection content, and supporting incident response activities.
Eccalon, LLC is seeking a Compliance Security and Microsoft Cloud Analyst to enhance cybersecurity compliance and cloud security engineering. This role focuses on DoD frameworks and Microsoft Azure Government and M365 GCC High security controls.
Support Tech LLC is seeking an IT Security Specialist with a focus on Microsoft Azure and 365 to enhance cybersecurity measures. This remote contract role requires expertise in cloud security and relevant certifications.
PRI Technology is seeking a Sr. Security Operations Center (SOC) Analyst to provide mentorship and lead incident response efforts in Austin, Texas. The role involves advanced investigations, threat hunting, and enhancing SOC processes.