Required (Minimum Necessary) Qualifications
• High School or GED-General Educational Development-GED Diploma
• Bachelor’s degree in computer science or equivalent is preferred
• Minimum of five years hands-on experience
• Proven experience detecting, triaging, and responding to cyber incidents across enterprise networks and cloud environments.
• Proficiency with SIEM, EDR/XDR platforms, and forensic tools.
• Strong understanding of threat actor TTPs, MITRE ATT&CK framework, and incident containment strategies.
• Ability to analyze network traffic, logs, and endpoint telemetry to identify malicious activity.
• Familiarity with malware analysis, reverse engineering basics, and memory analysis concepts
• Experience developing and tuning detection rules, playbooks, and automated response workflows.
• Working knowledge of incident response frameworks (e.g., NIST SP 800-61, SANS).
• Understanding of vulnerability management, threat intelligence integration, and SOC metrics/reporting.
• Understanding of basic computer and networking technologies.
o Windows and Linux/Unix operating systems
o Networking technologies (routing, switching, VLANs, subnets, firewalls)
o Common networking protocols – SSH, SMB, SMTP, FTP/SFTP, HTTP/HTTPS, DNS, etc.
o Common enterprise technologies – Active Directory, Group Policy, and the Microsoft Azure suite of cloud services.
o Understanding of current system logging technology and retrieving information from a plethora of technology platforms.
Knowledge, Skills, Abilities, and Other Characteristics
• Ability to work well in a team environment.
• Self-starter with ability to work with little supervision.
• Willingness to take on and adapt to new, open-ended tasks for which there is no current standard operating procedure.
• Ability to research independently and self-teach.
• Strong analytical and decision-making skills under pressure.
• Excellent written and verbal communication, including incident documentation and executive briefings.
• Ability to lead investigations, mentor junior analysts, and collaborate with cross-functional teams.
Preferred
• Interest in security/hacking culture. Ability to “think like an attacker”
• General cybersecurity certifications (one or more of the following preferred):
o CompTIA Security+
o CompTIA Cybersecurity Analyst (CySA+)
o Certified Ethical Hacker (CEH)
o GIAC Certified Incident Handler (GCIH)
• Any cloud security certification, especially:
o CompTIA Cloud+
o Certified Cloud Security Professional (CCSP)
o Cloud Security Alliance Certificate of Cloud Security Knowledge (CCSK)
• Any Microsoft 365/Azure cybersecurity certification, especially:
o Microsoft Certified: Security Operations Analyst Associate (SC-200)
o Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900)
o Microsoft Certified: Azure Fundamentals (AZ-900)
o Microsoft Certified: Azure Security Engineer Associate (AZ-500)
• Familiarity with the Microsoft 365 and Microsoft Azure suite of products, including Microsoft Sentinel and Microsoft 365 Defender.
• Knowledge of common enterprise technologies, policies, and concepts such as:
o Microsoft Sentinel SIEM
o Kusto Query Language (KQL)
o Mobile device technologies (iOS, Android)
o Scripting experience (PowerShell, Python, etc.)
o Microsoft Power BI
o Azure DevOps
• Artificial Intelligence (AI) / Machine Learning (ML) expertise
o In-depth knowledge of AI and ML concepts.
o How to practically apply AI/ML technologies to enhance cyber threat hunting and incident response capabilities.
o Experience with specific AI services offered within Microsoft Azure.
Never miss an opportunity! Create an alert based on the job you applied for.
