NeoSystems LLC
Cybersecurity Operations Analyst I
United States, 2 days ago
Full-time, Information Technology
Job Details

Description

Summary:

The Cybersecurity Operations Analyst I (COA 1) is responsible for the initial triage and monitoring of security events, working exclusively in Microsoft 365 E5 environments, and helping to enforce CMMC 2.0 requirements. COA 1 will work alongside senior analysts and engineers to identify suspicious activity, validate alerts, and support incident response workflows.

Role And Responsibilities

Monitoring and triage

  • Monitor alerts and notifications from Microsoft 365 Defender suite:
    • Defender for Endpoint
    • Defender for Office 365
    • Defender for Cloud Apps (MCAS)
    • Defender for Identity (formerly ATA)
    • Microsoft Defender XDR
  • Monitor for alerts from other alerting sources (such as an external or outsourced Security Operations Center).
  • Perform initial triage of security alerts, determine false positives, and escalate true positives based on playbook criteria.
  • Review and classify incidents in Microsoft Sentinel or third-party SIEM tools according to severity and SLA guidelines.
  • Manage security operations tasks and assignments in the ticketing system.

Incident handling and response support

  • Assist senior analysts during active incidents by collecting logs, screenshots, and device/user activity history.
  • Document timelines, observations, and artifacts to support root cause analysis and reporting.
  • Conduct follow-up on low-risk alerts and phishing investigations (possibly with supervised guidance).

Customer interaction and ticket management

  • Document findings and updates in the SOC ticketing system with accuracy and clarity.
  • Respond to basic client inquiries related to user behavior, alert definitions, or mitigation steps under supervision.
  • Follow documented workflows to support CMMC 2.0 incident response requirements, including reporting timelines and evidence handling.

Platform maintenance and log health

  • Review and report on log ingestion health from Defender, Entra ID, and endpoint agents across customer tenants as required.
  • Assist in onboarding new clients to SOC monitoring tools and validating telemetry and log collection flows.
  • Identify noisy or misconfigured alert rules and report recommendations to senior analysts.
  • Assist in gathering and assembling audit evidence to support compliance assessments.

Vulnerability and patch management

  • Manage operating system and third-party software patching cycles for customer environments.
  • Prioritize and manage vulnerability remediation in coordination with infrastructure teams and customer needs.
  • Leverage Microsoft Defender Vulnerability Management (MDVM) and MDE APIs for continuous hygiene improvement.

Qualifications

  • 1–2 years of experience in IT support, help desk, cybersecurity, or a SOC environment (or a relevant degree with internship/entry-level experience).
  • Familiarity with Windows event logs, Microsoft 365 audit logs, and endpoint activity.
  • Basic understanding of cybersecurity concepts, attack vectors, and threat modeling.
  • Comfortable with Microsoft 365 environments and cloud-native tooling.
  • Strong written communication skills for documentation and customer updates.
  • Security+ or SC-900 certification.
  • Must be a U.S. citizen eligible for ITAR-compliant work.

Preferred Skills

  • Exposure to Microsoft Defender XDR
  • Microsoft SC-100 or SC-200 certification
  • Understanding of CMMC and NIST 800-171 requirements
  • Knowledge of the MITRE ATT&CK framework

Additional Notes

  • Ability to travel

EOE M/F/D/V
