About the role
First line of defence in our 24/7 Security Operations Centre. You will monitor, triage and investigate security alerts across client environments using Microsoft Sentinel and Wazuh — escalating confirmed threats and maintaining clear, accurate incident records.
What you will do
Monitor security alerts across client Microsoft Sentinel and Wazuh dashboards
Triage and investigate alerts — distinguishing true positives from false positives
Document findings clearly and escalate confirmed incidents to Tier 2 analysts
Maintain incident records and update runbooks as new threat patterns emerge
Participate in shift handovers and contribute to weekly threat hunting sessions
Support clients with initial communication during active security incidents
What we are looking for
Experience with SIEM platforms — Microsoft Sentinel preferred
Understanding of common attack techniques (phishing, lateral movement, credential abuse)
CompTIA Security+ or equivalent certification — or actively working towards it
Strong written communication — you will write plain-language summaries for clients
Comfortable working independently in a remote-first environment
Eligibility to work without restriction
Nice to have
These are not required — but they will help your application stand out.
Microsoft SC-200 certification
Experience with KQL (Kusto Query Language)
Exposure to MITRE ATT&CK framework
Prior SOC or help desk background