Job Description

This role is contingent with federal contracting personnel and supports federal IT operations. The SIEM Analyst will support GPO’s Security Operations Center (SOC) by providing daily monitoring, log analysis, threat detection, and incident response. This role focuses on the operational use of Microsoft Sentinel and related SIEM technologies to ensure visibility, security event correlation, and rapid response to potential threats. Key responsibilities include:
- Reviewing and normalizing log data from various systems and applications.
- Analyzing and correlating logs to identify suspicious activity across endpoints, servers, and network devices.
- Monitoring Microsoft Sentinel for security events, managing alerts, and tuning detection rules.
- Disseminating threat intelligence to SOC team members and updating detection baselines.
- Supporting continuous improvement by identifying gaps in logging coverage and recommending efficiency improvements.
- Providing regular operational updates, assisting in quarterly security reviews, and maintaining clear documentation of findings and actions.
- Assisting with automated response workflows to enhance investigation speed and accuracy.
- Responding to incidents, escalating critical issues to SOC leadership, and recommending best practices for containment and remediation.
- Supporting 24×7×365 security monitoring activities as part of the SOC team. Required Qualifications:
- Minimum 3 years’ experience in SIEM monitoring and analysis, preferably in GCC‑H/GCC cloud environments.
- Hands-on expertise with Microsoft Sentinel or similar SIEM platforms.
- Knowledge of log analysis, syslog/CEF formats, and threat detection techniques.
- Familiarity with endpoint and network security tools (e.g., Microsoft Defender, Trellix, firewall logs, AD user behavior monitoring).
- Strong analytical, communication, and documentation skills to support incident reporting and SOC operations.

Job Tags

Similar Jobs