Security Analyst, Incident Response- 2nd and 3rd shift (after hours)- Remote
Security Operations Analyst (After-Hours Shift) Position Summary The IT Support & Security Operations Analyst is responsible for monitoring, triaging, and responding to security incidents during after-hours operations while providing technical support to end users as needed. This role serves as the first line of defense for cybersecurity events and ensures timely resolution of user issues within the Microsoft 365 and Windows environment.
Key Responsibilities
Security Operations & Incident Response (Primary Responsibility) Monitor and triage security alerts generated from enterprise security platforms. Investigate, analyze, and escalate security incidents according to established procedures. Perform initial incident response activities, including threat validation, containment recommendations, and documentation. Utilize security monitoring and endpoint protection tools, including: CrowdStrike Microsoft Defender Darktrace Grafana Additional security and monitoring platforms as required Maintain accurate incident records and communicate findings to appropriate teams. Support ongoing security operations by identifying suspicious activity and potential threats. End-User Support (Secondary Responsibility) Provide technical support to users operating in a Microsoft-based environment. Troubleshoot and resolve issues related to: Windows 10 and Windows 11 Microsoft 365 applications Outlook and Exchange Online Microsoft Teams Microsoft Defender Other Microsoft 365 services Assist users with account management and access-related requests. Perform administrative tasks within Microsoft 365, including: Group membership changes Role and permission assignments User account support License-related assistance (E3 and E5 environments) Escalate complex issues to appropriate support teams when necessary.
Required Qualifications
Experience supporting Windows 10 and Windows 11 environments. Familiarity with Microsoft 365 administration and user support. Experience working with Microsoft 365 E3 and/or E5 licensing environments. Knowledge of cybersecurity principles, security monitoring, and incident response processes. Hands-on experience with one or more of the following tools: CrowdStrike Microsoft Defender Darktrace Grafana Strong troubleshooting, analytical, and problem-solving skills. Excellent written and verbal communication abilities. Ability to prioritize multiple tasks and respond effectively in a fast-paced environment. AWS experience
Preferred Qualifications
Security certifications such as Security+, CySA+, SC-200, or equivalent. Experience working in a Security Operations Center (SOC) environment. Familiarity with Microsoft Entra ID (Azure AD), Exchange Online, and Microsoft Defender for Endpoint. Experience with ticketing and incident management systems. Work Schedule After-hours shift position. Primary focus on security monitoring and incident response. Secondary responsibility for end-user support and Microsoft 365 administration as operational needs require.