Microsoft Security Operations Center (SOC) Analyst

Pivotal Consulting Seattle, WA

Company

Pivotal Consulting

Location

Seattle, WA

Type

Full Time

Job Description

Microsoft Security Operations Center (SOC) Analyst
Seattle, WA (Contract W2 Hourly, Hybrid)

Why clients choose Pivotal Consulting:
We are a technology management consulting firm helping Fortune 500 companies improve their performance – we specialize in making People, Process, and Technology work together! Our clients count on us to deliver excellence and seek our guidance on business and technology strategy, technology modernization, and cloud transformation initiatives. Simply put, by listening to our clients closely and focusing on delivering quality, we bring them peace of mind. After guiding and helping numerous clients from global enterprises to mid-market firms to non-profit organizations, we are now experiencing breakthrough growth!

The impact you will have:
As a relationship driven and customer focused professional, you will help us continue providing our clients with the quality of work that they have come to know us by.

About the role:
We are seeking a highly skilled and experienced Microsoft Security Operations Center (SOC) Analyst to join our dedicated technology solutions team. This role is a specialized position focused on advanced threat detection, assessment, and the critical function of validating and grading outputs from our security AI and machine learning models. The ideal candidate is a security data expert with deep technical skills in Microsoft's security ecosystem and advanced proficiency in KQL.

What you will do:
• AI/ML Validation and Refinement: Act as the human-in-the-loop, responsible for tagging, grading, and labeling security data and outcomes generated by AI/ML detection models (e.g., from Microsoft Sentinel, Defender). Provide feedback to data scientists and engineers to continuously improve model accuracy and reduce false positives.
• Expert Threat Hunting: Proactively and systematically hunt for sophisticated threats across the environment using advanced methodologies. Develop, document, and execute complex threat-hunting queries using KQL (Kusto Query Language) over the Microsoft data lake and Azure security tables (e.g., security events, network flows, process executions).
• Incident Response and Triage: Serve as an escalation point for complex security alerts. Conduct in-depth analysis of incidents, determine the scope of compromise, and provide clear, actionable containment and remediation recommendations.
• Data Expertise and Schema Mastery: Maintain expert-level knowledge of Microsoft's security data schemas, including tables within Azure Sentinel/Log Analytics (SecurityEvent, SigninLogs, DeviceProcessEvents, etc.) and the wider Microsoft 365 Defender suite.
• Content Development: Develop high-fidelity custom detection rules, watchlists, hunting queries, and automated playbooks within the Microsoft Sentinel platform.
• Reporting and Communication: Prepare detailed reports on emerging threats, hunting activities, and the performance metrics of AI models for security leadership and engineering teams.
• Process Improvement: Identify gaps in current monitoring, detection, and response capabilities and propose solutions to enhance the overall security posture.

What makes you a good fit:
• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
• Minimum of 5 years of experience working in a Security Operations Center (SOC), Threat Intelligence, or Incident Response role.
• Security Data Proficiency (Expert): Deep understanding of security data types, sources, and log structures necessary for effective analysis and hunting (Windows events, network data, endpoint telemetry, cloud audit logs).
• KQL Mastery: Advanced, proven expertise in KQL is mandatory, including the ability to write complex, performant, and multi-stage queries (e.g., using join, mv-expand, make_list, bag_unpack) to extract insights from massive datasets.
• Microsoft Security Stack Experience: Extensive hands-on experience with Microsoft's unified security platforms, including:
  • Microsoft Sentinel (SIEM/SOAR)
  • Microsoft 365 Defender (Endpoint, Identity, Cloud Apps)
  • Azure Security Center/Defender for Cloud
• Threat Hunting Methodology: Solid understanding of MITRE ATT&CK framework and experience applying hypothesis-driven hunting techniques.
• Analytical Abilities: Exceptional critical thinking and analytical skills to quickly synthesize data and draw accurate conclusions under pressure.
• Certifications (Preferred): Relevant industry certifications such as GIAC GCTI, GIAC GCFA, Microsoft SC-200 (Security Operations Analyst Associate), or equivalent.

Why our employees love working at Pivotal:
We believe our strength comes from our differences, and as a Certified Minority-Owned Business (MBE) and a majority women-led firm, we are committed to fostering and promoting a culture of diversity and inclusion. We believe our team and our community are our greatest assets and we strive to promote both daily. From providing our employees the time to pursue company-sponsored certifications, to supporting and partnering with multiple non-profit organizations brought forth by our employees (such as Food Lifeline, United Way, and the Seattle Humane Society), we are proud to support both our fellow Pivotalites and the causes close to their hearts.

As we grow, we are anchored and driven by our Four Core Values:
• Be Engaged – We are present, committed, and accountable to our clients and to each other
• Consistently Deliver – We are dedicated and reliable by consistently delivering excellence
• Always Better – We continuously evolve, inspired to drive beyond the everyday norm
• Do Happy – Be passionate and bring fun and creativity into everything you do

Compensation, Diversity and Benefit Information:
The pay range for this position in Washington is $50 - $80/hr.; however, base pay offered may vary depending on job-related knowledge, skills, candidate location, and experience. Pivotal Consulting is committed to creating and supporting a diverse and inclusive team and serving all communities. All qualified applicants will be considered for employment regardless of race, gender, gender identity or expression, sexual orientation, religion, national origin, disability, age or veteran status. Pivotal Consulting offers a comprehensive benefit package, including medical, dental and vision insurance, 401k, and paid time off.

Date Posted

10/15/2025
