Security Analyst, Incident Response- 2nd and 3rd shift (after hours)- Remote

Security Operations Analyst (After-Hours Shift)

Position Summary

The IT Support & Security Operations Analyst is responsible for monitoring, triaging, and responding to security incidents during after-hours operations while providing technical support to end users as needed. This role serves as the first line of defense for cybersecurity events and ensures timely resolution of user issues within the Microsoft 365 and Windows environment.

Key Responsibilities

Security Operations & Incident Response (Primary Responsibility)

Monitor and triage security alerts generated from enterprise security platforms.

Investigate, analyze, and escalate security incidents according to established procedures.

Perform initial incident response activities, including threat validation, containment recommendations, and documentation.

Utilize security monitoring and endpoint protection tools, including:

CrowdStrike

Microsoft Defender

Darktrace

Grafana

Additional security and monitoring platforms as required

Maintain accurate incident records and communicate findings to appropriate teams.

Support ongoing security operations by identifying suspicious activity and potential threats.

End-User Support (Secondary Responsibility)

Provide technical support to users operating in a Microsoft-based environment.

Troubleshoot and resolve issues related to:

Windows 10 and Windows 11

Microsoft 365 applications

Outlook and Exchange Online

Microsoft Teams

Microsoft Defender

Other Microsoft 365 services

Assist users with account management and access-related requests.

Perform administrative tasks within Microsoft 365, including:

Group membership changes

Role and permission assignments

User account support

License-related assistance (E3 and E5 environments)

Escalate complex issues to appropriate support teams when necessary.

Required Qualifications

Experience supporting Windows 10 and Windows 11 environments.

Familiarity with Microsoft 365 administration and user support.

Experience working with Microsoft 365 E3 and/or E5 licensing environments.

Knowledge of cybersecurity principles, security monitoring, and incident response processes.

Hands-on experience with one or more of the following tools:

CrowdStrike

Microsoft Defender

Darktrace

Grafana

Strong troubleshooting, analytical, and problem-solving skills.

Excellent written and verbal communication abilities.

Ability to prioritize multiple tasks and respond effectively in a fast-paced environment.

AWS experience

Preferred Qualifications

Security certifications such as Security+, CySA+, SC-200, or equivalent.

Experience working in a Security Operations Center (SOC) environment.

Familiarity with Microsoft Entra ID (Azure AD), Exchange Online, and Microsoft Defender for Endpoint.

Experience with ticketing and incident management systems.

Work Schedule

After-hours shift position.

Primary focus on security monitoring and incident response.

Secondary responsibility for end-user support and Microsoft 365 administration as operational needs require.