Cybersecurity Operations Analyst II

In-Office or Remote Hiring Remotely in United States Mid level In-Office or Remote Hiring Remotely in United States Mid level The Cybersecurity Operations Analyst II handles incident response, monitoring, and vulnerability management in Microsoft 365 E5 environments, ensuring compliance and effective threat detection. The summary above was generated by AI

The Cybersecurity Operations Analyst II (COA2) is responsible for the initial triage and monitoring of security events, working exclusively in Microsoft 365 E5 environments, and helping to enforce CMMC 2.0 requirements.

The COA 2 is responsible for advanced incident response, proactive threat hunting, vulnerability lifecycle management, and escalation support for Microsoft 365 E5 customers. This role bridges the gap between COA 1 alert/triage and senior analyst/engineering roles, working in-depth with Microsoft Defender XDR, external SOCs, and industry-standard vulnerability tools like Qualys and Tenable.

Role & Responsibilities:

Advanced Threat Detection & Response

• Lead investigations of escalated alerts across the following:

• Defender for Endpoint

• Defender for Office 365

• Defender for Cloud Apps (MCAS)

• Defender for Identity (formerly ATA)

• Microsoft Defender XDR

• Correlate log and alert data to detect lateral movement, privilege escalation, anomalous behavior, and advanced persistent threats using Microsoft Defender data and investigative tools from external SOC vendors.

• Conduct live incident response across customer tenants (containment, eradication, recovery) in accordance with CMMC 2.0 and NIST 800-171 incident response standards.

• Coordinate post-incident documentation including RCA, timeline analysis, and recommendations.

Incident Handling & Response Support

• Assist senior analysts during active incidents by collecting logs, screenshots, and device/user activity history.

• Document timelines, observations, and artifacts to support root cause analysis and reporting.

• Conduct follow-up on low-risk alerts and phishing investigations (possibly with supervised guidance).

Customer Interaction & Ticket Management

• Document findings and updates in the SOC ticketing system with accuracy and clarity.

• Respond to basic client inquiries related to user behavior, alert definitions, or mitigation steps under supervision.

• Follow documented workflows to support CMMC 2.0 incident response requirements, including reporting timelines and evidence handling.

Threat Hunting & Detection Engineering Support

• Conduct proactive threat hunting using KQL queries in Microsoft Sentinel and hunting dashboards in Defender XDR.

• Assist with tuning analytics rules and alert thresholds and reducing false positives in detection logic.

• Work with external SOC services to tune rules and alert thresholds.

• Identify opportunities for new detections based on threat intelligence and customer risk profiles.

• Support configuration and optimization of Microsoft Sentinel data connectors, workbooks, automation rules, and response playbooks.

• Monitor log ingestion and telemetry gaps from M365 Defender products, Entra ID, and endpoint clients.

• Maintain detection signatures and IOCs provided by Microsoft, ISACs, or third-party feeds.

Vulnerability & Patch Management

• Manage operating system and third-party software patching cycles for customer environments.

• Prioritize and manage vulnerability remediation in coordination with infrastructure teams and customer needs.

• Perform vulnerability scans using Qualys, Tenable.io, or Nessus across hybrid and cloud environments.

• Analyze, prioritize, and track vulnerabilities by CVSS score, exploitability, and exposure relevance to customer mission.

• Collaborate with customer IT and endpoint teams to validate and remediate critical vulnerabilities in operating systems, applications, and Microsoft 365 services.

• Report on vulnerability trends and threat exposure as part of recurring customer security reviews.

Customer Engagement & Documentation

• Participate in high-touch incident communications and brief customers on security events, containment actions, and risk.

• Generate clear, actionable incident summaries and vulnerability reports tailored for both technical and executive audiences.

• Assist with compliance evidence collection during audits or IR tabletop exercises.

• Lead or assist in conducting security awareness training campaigns and tabletop exercises for customers.

• Assist in gathering and assembling audit evidence to support compliance assessments., The Associate Finance Director leads financial planning, reporting, and analysis, collaborates with teams to enhance profitability, and provides strategic financial insights., The Healthcare Analyst will ensure provider data accuracy through quality reviews, audits, and collaboration with stakeholders to improve processes and insights., Artificial Intelligence * Big Data * Healthtech * Information Technology * Machine Learning * Software * Analytics As a Health and Social Services RN, you will analyze, plan, implement, and manage individualized care strategies for members, ensuring they receive appropriate services and advocating for their needs throughout the care continuum. Top Skills: ExcelMs WordOutlook

What you need to know about the Colorado Tech Scene

With a business-friendly climate and research universities like CU Boulder and Colorado State, Colorado has made a name for itself as a startup ecosystem. The state boasts a skilled workforce and high quality of life thanks to its affordable housing, vibrant cultural scene and unparalleled opportunities for outdoor recreation. Colorado is also home to the National Renewable Energy Laboratory, helping cement its status as a hub for renewable energy innovation.

Key Facts About Colorado Tech

• Number of Tech Workers: 260,000; 8.5% of overall workforce (2024 CompTIA survey)
• Major Tech Employers: Lockheed Martin, Century Link, Comcast, BAE Systems, Level 3
• Key Industries: Software, artificial intelligence, aerospace, e-commerce, fintech, healthtech
• Funding Landscape: $4.9 billion in VC funding in 2024 (Pitchbook)
• Notable Investors: Access Venture Partners, Ridgeline Ventures, Techstars, Blackhorn Ventures
• Research Centers and Universities: Colorado School of Mines, University of Colorado Boulder, University of Denver, Colorado State University, Mesa Laboratory, Space Science Institute, National Center for Atmospheric Research, National Renewable Energy Laboratory, Gottlieb Institute

• 3-5 years of cybersecurity experience, with at least 1 year in a SOC, IR, or detection-focused role.

• Strong knowledge of attacker TTPs, MITRE ATT&CK, and Zero Trust principles.

• Hands-on experience with Microsoft 365 E5 security stack.

• Familiarity with CMMC 2.0, NIST 800-171, and FedRAMP security controls.

• Experience conducting or responding to vulnerability scans and remediation workflows.

• Security+ or SC-900 certification

• Must be a U.S. citizen eligible for ITAR-compliant work.

Preferred:

• Certified Ethical Hacker (CEH)

• Microsoft SC-100, SC-200, SC-300, or SC-400 certifications