Reference #: 7199
Location: Remote
Type: Sub-contract

Donna Cona Inc. is currently seeking a Sr. Security Operations Centre Analyst for one of our key government clients. The Security Operations Centre Analyst will play a crucial role in fortifying security posture by merging various sources of evidence to elucidate security incidents and formulate remediation steps. Your expertise will be pivotal in bolstering cloud defenses and safeguarding users against evolving security threats.

Candidate MUST have the following:

  • 8+ years of experience as a Security Analyst;
  • Prior experience in a Security Operations Center and a technical support/helpdesk environment with a focus on cybersecurity;
  • Proficiency in responding to, investigating, and recovering from compromise and data breach events;
  • Implement optimal security measures and controls aligning with industry best practices for cloud services like M365, inclusive of Azure AD, Exchange, SharePoint, OneDrive, Zoom, and Teams;
  • Familiarity with various types of Multi-factor authentication for both on-premise and cloud-based infrastructure;
  • Analyze infrastructure segments including firewalls, syslog systems, and central identity platforms from vendors like Cisco, Palo Alto, and/or Zscaler to assess and investigate security incidents or Indicators of Compromise (IoCs);
  • Maintain a keen awareness of IT security trends and events;
  • Propose security enhancements and monitor networks for breaches, investigating violations as they occur;
  • Assist in developing security standards and best practices for both cloud computing and on-premise environments;
  • Resolve security incidents across M365 (e.g., M365, Entra, and Microsoft Defender for Endpoint) and Microsoft (Azure, Corporate Security, etc.) ecosystems;
  • Utilize Azure Sentinel and associated solutions for incident management and threat response;
  • Demonstrate a rich history of working in security teams with diverse responsibilities spanning engineering, security operations, and cybersecurity investigations;
  • Exhibit excellent communication skills and situational awareness, working synergistically with technical specialists and system administrators;
  • Deep comprehension of Security Operations Center and Security Incident Response Team processes and procedures;
  • Understanding of a myriad of attack vectors, threat tactics, and attacker techniques, encompassing phishing, Advanced Persistent Threats (APTs), Malware, DDoS, Exploits, etc.;
  • Proven ability to drive change through learnings from incidents via Post Incident Reviews (PIR) / After-Action Reports / Post-Mortems, etc.;
  • Eager to work in a continuous learning environment with matrixed responsibilities across peer teams, thriving on daily innovative problem-solving challenges;
  • Familiarity with attack and detection frameworks like MITRE ATT&CK framework, good knowledge of the cyber kill-chain model, and modern red team tactics and techniques;
  • Ability to thrive in ambiguous situations and adapt favorably to change;
  • Possession of certifications like CompTIA Security+ and GIAC (GCIA, GCIH, GCFE, GCFA);
  • Preference for security-related certifications like CISSP, CEH, M365 Security Admin, Azure Security Associate;
  • Proficiency with KQL, logic apps, flow, and Power Automate;
  • Understanding of Government security and compliance requisites;
  • Compile incident reports and submit to Director of ICT;
  • Catalog all incident reports and resolutions in ticketing solution and SharePoint repository;
  • Document resolution under incident categories in the security tools;
  • Knowledge of CNAPP solution i.e. Defender for Cloud; and
  • Understanding of SOC Activities, triage, investigation, and response.

Candidate SHOULD have the following demonstrated experience:

  • Prioritize, triage, and validate security alerts and issues to confirm incidents;
  • Conduct advanced analysis on confirmed incidents to ascertain root cause and impact;
  • Collaborate with cross-functional teams to devise and potentially execute incident mitigation and remediation plans;
  • Assess security risks and their ramifications on the Microsoft Cloud platform and other online services;
  • Generate technical documentation for guidance of other analysts and teams;
  • Support cross government incidents and crisis management;
  • Engage in advanced threat hunting to identify and mitigate potential threats proactively;
  • Employ Kusto Query Language (KQL) for complex data querying, analysis, and incident investigation in Microsoft Sentinel and Azure Data Explorer;
  • Assess the existing Sentinel Analytical rules; and
  • Fine tune Sentinel Analytical rules as needed.

Donna Cona is committed to a diverse, equitable and inclusive workplace. We are an equal opportunity employer. We don't discriminate on the basis of gender, gender identity, sexual orientation, race, national origin, disability, age or any other protected status. We are committed to maintaining a barrier free recruitment process by providing equal employment opportunities through recruiting and retention of individuals.
