Position Summary
Provides 24x7 first-level security monitoring and alert triage across identity, Microsoft 365, endpoint, and Azure security platforms. Responsible for early detection, proper ticketing, and timely escalation of security events.
Required Skills
- Microsoft Entra ID (Basic Administration)
- Active Directory Authentication Monitoring
- Microsoft MFA
- Exchange Online Protection
- Trend Micro Endpoint & Email Security
- CyberArk EPM & PAM
- Azure Monitor
- Log Analytics
- Microsoft Defender (Monitoring Level)
- Basic PKI Awareness
- ITSM / Ticketing Tools
Key Responsibilities
- Monitor Entra ID sign-in logs and authentication alerts
- Perform first-level triage of suspicious login attempts
- Monitor MFA failures and abnormal sign-in patterns
- Review Exchange Online Protection spam/phishing alerts
- Monitor Trend Micro endpoint alerts
- Monitor CyberArk EPM & PAM alerts
- Monitor Azure security dashboards and alert queues
- Create and update security incident tickets
- Perform initial investigation using defined runbooks
- Escalate confirmed threats to the L2 Security Engineer
- Track certificate expiry alerts and notify the L2 team
- Validate Conditional Access policy failures
- Maintain daily security monitoring reports
- Participate in shift handover documentation
- Ensure SLA compliance for ticket updates
- Maintain proper incident documentation and closure notes