Posted today
Public Trust
Tysons, VA (On-Site/Office)
OVERVIEW:
The Tier 1 Incident Responder plays a critical entry-level role in supporting the company's cybersecurity operations. This position is ideal for individuals seeking to launch or advance their career in cybersecurity by actively contributing to incident response and security monitoring. As a Tier 1 responder, you will be responsible for real-time monitoring of security alerts and events, conducting initial triage of potential threats, and escalating incidents as needed. You will assist with tuning detection & response tools, as well as building dashboards to improve visibility of risk through meaningful representations of data.
This role offers hands-on experience working within a Security Operations Center (SOC) environment, where you will learn to identify suspicious activity, analyze security data, and contribute to maintaining the effectiveness of incident response processes. You will work closely with experienced responders and engineers, gaining valuable mentorship and exposure to best practices in threat detection, compliance monitoring, and incident handling. The ideal candidate is enthusiastic about cybersecurity, has completed relevant training or possesses practical experience supporting incident response, and is eager to develop technical skills while making an immediate impact on organizational security.
GENERAL DUTIES:
- Security Monitoring & Alert Triage
  - Perform real-time monitoring of security alerts and events using Microsoft Defender for Cloud with response actions in Defender, Entra ID, and Intune.
  - Conduct initial triage of potential threats, validate true positives vs. false positives, and escalate incidents according to SOC procedures.
  - Document triage findings, timelines, and escalation notes in case management systems to ensure accurate incident tracking.
- Incident Response Support
  - Perform evidence gathering, contextual analysis, and initial containment steps based on predefined playbooks in coordination with the IT Director and CTO.
  - Help identify patterns of suspicious behavior, account misuse, device compromise, or policy violations using Microsoft security tools.
  - Participate in post-incident reviews by providing notes, data, and observations from Tier 1 analysis.
- Threat Hunting Assistance
  - Support basic threat-hunting activities by reviewing Defender, Entra, and Intune logs for anomalies, suspicious authentications, device health issues, or emerging indicators of compromise.
  - Surface trends or recurring alerts that may indicate misconfigurations or new attack techniques.
- Configuration, Policy, & Detection Maintenance
  - Assist with updating and tuning security policies, rules, and configurations in:
    - Microsoft Defender for Cloud (Azure Defender)
    - Microsoft Entra ID (Identity Protection, Conditional Access)
    - Microsoft Intune (Device compliance & endpoint security)
  - Support optimization of alert rules, thresholds, and baselines to improve fidelity and reduce false positives.
  - Contribute to maintaining and improving dashboards, workbooks, and security visualizations for operational reporting.
- Operational Support & Documentation
  - Maintain accurate documentation of processes, configurations, and SOPs related to Tier 1 responsibilities.
  - Follow established SOC workflows and contribute feedback to enhance operational maturity.
  - Collaborate closely with senior analysts, engineers, and SOC leadership to improve monitoring and IR processes.
REQUIRED QUALIFICATIONS:
- High school diploma or equivalent (Associate's or Bachelor's degree nice to have but not required).
- Security Operations Fundamentals
  - Understanding of core SOC functions, including alert monitoring, log analysis, incident triage, escalation, and documentation.
  - Familiarity with common attack techniques, security events, and indicators of compromise.
- Microsoft Security & Endpoint Tools
  - Practical experience (or training) using:
    - Microsoft Defender for Cloud / Azure Defender
    - Microsoft Entra ID (Identity Protection, Conditional Access)
    - Microsoft Intune (Device compliance, endpoint configuration, and policy management)
  - Ability to navigate dashboards, review logs, interpret alerts, and update policies within the Microsoft security ecosystem.
- Analytical & Technical Skills
  - Basic understanding of network, identity, and endpoint security concepts.
  - Ability to analyze events, correlate information from multiple data sources, and distinguish normal from abnormal behavior.
  - Strong attention to detail with the ability to follow structured procedures.
  - Basic understanding of cybersecurity concepts such as:
    - Malware vs. phishing
    - Endpoint security
    - Authentication/identity
  - Ability to learn quickly; curiosity and persistence matter more than technical proficiency.
  - Strong communication skills, especially writing clear notes during alert triage.
  - Basic familiarity with Azure or Microsoft 365 portals (even free-tier playground experience counts).
- Experience
  - Completion of a cybersecurity bootcamp, junior SOC course, or labs, such as:
    - TryHackMe SOC Analyst Path
    - Microsoft Learn Defender for Endpoint modules
    - AZ-900 or SC-900 coursework
    - Intro to DFIR labs (even free ones)
  - Hands-on lab experience with:
    - Microsoft 365 Defender alerts
    - Intune device compliance policies
    - Entra ID sign-in logs or Conditional Access
    - Simulated phishing investigations
  - Real-world SOC experience is NOT expected.
DESIRED QUALIFICATIONS:
- Microsoft Certified: Security Operations Analyst Associate
- Relevant certifications, such as Sec+, are also desirable.
CLEARANCE:
- US Citizenship required