SOC Analyst

Role Description
To design and develop the SOC detection and response framework from the ground up.

Responsibilities

  • SOC Rule & Policy Development:
    ✓ Design, build and tune custom KQL detection rules in Microsoft Sentinel and Defender XDR.
    ✓ Develop and enforce security baselines and Intune compliance policies across endpoints.
    ✓ Configure Defender for Endpoint, Defender for Identity and Defender for Cloud Apps policies to enhance visibility and detection coverage.
  • SIEM/SOAR Configuration:
    ✓ Configure data connectors, data collection rules and endpoints (DCR/DCE) and Log Analytics workspaces in Microsoft Sentinel.
    ✓ Define parsing, normalization and custom table schemas for non-native data sources.
    ✓ Develop automated playbooks (Logic Apps) to streamline alert enrichment, notification and escalation workflows.
  • Alerting, Tuning & Incident Response:
    ✓ Create and maintain alert rules, analytic queries and automation rules to ensure actionable alerts with minimal false positives.
    ✓ Work closely with Tier 1/2 analysts to continuously tune rule thresholds and response triggers.
    ✓ Conduct threat hunting activities using advanced hunting queries in Defender XDR and Sentinel.
  • Governance & Documentation:
    ✓ Develop and maintain the SOC policy framework, including alert handling, escalation matrix and severity classification.
    ✓ Document all rule sets, configurations and workflows in a structured SOC Knowledge Base.
    ✓ Collaborate with compliance teams to ensure alignment with ISO 27001, GDPR and company ISMS standards.
  • Continuous Improvement:
    ✓ Research new threat vectors, detection techniques and Microsoft security feature updates.
    ✓ Participate in red/blue team simulations to validate detection and response coverage.
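
The kind of detection the "SOC Rule & Policy Development" and "Alerting, Tuning & Incident Response" items describe, as an added illustration that is not part of the posting and not the employer's own rule set: a Microsoft Sentinel analytics rule query over the SigninLogs table that flags an IP address producing a burst of failed sign-ins followed by a successful sign-in from the same address. The lookback window, the failure threshold and the allowlisted scanner IP are assumed values chosen for illustration; they are exactly the knobs an analyst tunes with Tier 1/2 feedback to keep the alert actionable.

```kql
// Added example: Sentinel scheduled analytics rule query (not from the posting).
// Tunables below are assumptions to be adjusted per environment.
let lookback = 1h;                 // assumed rule frequency / lookback window
let failure_threshold = 10;        // assumed minimum failed sign-ins per source IP
// Constructed allowlist: an internal vulnerability scanner that legitimately
// generates failed logons (RFC 5737 documentation address, placeholder only).
let known_scanner_ips = dynamic(["203.0.113.10"]);
// Step 1: failed sign-ins per source IP.
// In SigninLogs, ResultType "0" is success; any other value is a failure.
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"
    | where IPAddress !in (known_scanner_ips)
    | summarize FailedCount = count(),
                FailedUsers = make_set(UserPrincipalName, 50),
                FirstFail = min(TimeGenerated),
                LastFail = max(TimeGenerated)
      by IPAddress
    | where FailedCount >= failure_threshold;
// Step 2: successful sign-ins in the same window, keyed by source IP.
let successes = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | project SuccessTime = TimeGenerated, IPAddress, SuccessUser = UserPrincipalName;
// Step 3: keep only IPs whose success came after the failure burst.
// This ordering check is what separates "attack that worked" from
// "user who fat-fingered a password", and is the main false-positive filter.
failures
| join kind=inner successes on IPAddress
| where SuccessTime > LastFail
| project IPAddress, FailedCount, FailedUsers, FirstFail, LastFail, SuccessUser, SuccessTime
| order by FailedCount desc
```

When saving this as a scheduled rule, map IPAddress to the IP entity and SuccessUser to the Account entity in the rule's entity-mapping settings, and set the query frequency equal to lookback so events are neither double-counted nor missed; raising failure_threshold or extending known_scanner_ips is the usual first tuning step when the rule fires on legitimate traffic.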

Requirements

  • Bachelor’s Degree in Computer Science, Information Technology, Engineering, or a related field.
  • Minimum of 3 to 5 years' SOC or Security Engineering experience.
  • Strong understanding of SIEM/SOAR operations, log management and incident response workflows.
  • Familiar with KQL (Kusto Query Language) and PowerShell scripting for automation.
  • Knowledge of MITRE ATT&CK, NIST and ISO 27001 frameworks.
  • Excellent problem-solving, documentation and analytical skills.
  • Hands-on experience with Microsoft Defender XDR (Endpoint, Identity, Cloud Apps), Microsoft Sentinel (KQL, Analytic Rules, Logic Apps), Intune (Endpoint Security, Compliance Policies, Configuration Profiles), Microsoft Entra ID (formerly Azure AD) Conditional Access Policies and Microsoft Purview (DLP, Insider Risk, Information Protection).

Job Type: Contract (12 Months Renewable)
Job Location: Selangor
