SOC ANALYST

Job Details

Full Time Shah Alam Security and Infrastructure Bachelor’s degree in Computer Science or a related field

About the role?

We are seeking a hands-on SOC Analyst to design and develop the SOC detection and response framework from the ground up.

Key Responsibilities

• SOC Rule & Policy Development.
• Design, build and tune custom KQL detection rules in Microsoft Sentinel and Defender XDR.
• Develop and enforce security baselines and Intune compliance policies across endpoints.
• Configure Defender for Endpoint, Defender for Identity and Defender for Cloud Apps policies to enhance visibility and detection coverage.
• SIEM/SOAR Configuration.
• Configure data connectors, data collection rules (DCR/DCE) and log analytics workspaces in Azure Sentinel.
• Define parsing, normalization and custom table schemas for non-native data sources.
• Develop automated playbooks (Logic Apps) to streamline alert enrichment, notification and escalation workflows.
• Alerting, Tuning & Incident Response.
• Create and maintain alert rules, analytic queries and automation rules to ensure actionable alerts with minimal false positives.
• Work closely with Tier 1/2 analysts to continuously tune rule thresholds and response triggers.
• Conduct threat hunting activities using advanced hunting queries in Defender XDR and Sentinel.
• Governance & Documentation.
• Develop and maintain the SOC policy framework, including alert handling, escalation matrix and severity classification.
• Document all rule sets, configurations and workflows in a structured SOC Knowledge Base.
• Collaborate with compliance teams to ensure alignment with ISO 27001, GDPR and company ISMS standards.
• Continuous Improvement.
• Research new threat vectors, detection techniques and Microsoft security feature updates.
• Participate in red/blue team simulations to validate detection and response coverage.

Requirements

• Minimum 3–5 years of SOC or Security Engineering experience.
• Strong understanding of SIEM/SOAR operations, log management and incident response workflows.
• Familiar with KQL (Kusto Query Language) and PowerShell scripting for automation.
• Knowledge of MITRE ATT&CK, NIST and ISO 27001 frameworks.
• Excellent problem-solving, documentation and analytical skills.
• Hands-on experience with Microsoft Defender XDR (Endpoint, Identity, Cloud Apps), Microsoft Sentinel (KQL, Analytic Rules, Logic Apps), Intune (Endpoint Security, Compliance Policies, Configuration Profiles) Entra ID / Azure AD Conditional Access Policies and Microsoft Purview (DLP, Insider Risk, Information Protection).