Monitor client security environments across SIEM, EDR, email security, and identity platforms throughout assigned shift using Microsoft Sentinel and Defender XDR dashboards.
Acknowledge, assess, and prioritize incoming security alerts within defined SLA windows; distinguish true positives from false positives using structured triage methodology.
Conduct end‑to‑end investigation of assigned incidents — correlating signals across log sources, mapping observed behavior to MITRE ATT&CK tactics and techniques, and determining the blast radius (the set of hosts, accounts, and data the activity actually touched, as opposed to the single asset that raised the alert).
Execute containment and remediation actions per approved playbooks: host isolation, account disablement, token revocation, firewall rule deployment, and email quarantine.
Escalate confirmed P1 security incidents to the SOC Manager with a complete investigation package — timeline, affected assets, indicators of compromise (IOCs), and re...