[Remote] Senior Security Operations Analyst – Microsoft Sentinel
Note: This is a remote position open to candidates in the USA. Taxwell is a leading digital tax filing platform formed from the combination of Drake Software and TaxAct, offering best-in-class technology and customer support. They are seeking a Senior Security Operations Analyst who will be responsible for implementing, configuring, and optimizing security monitoring capabilities, particularly with Microsoft Sentinel, while supporting incident response and threat hunting activities.
Responsibilities
- Implement, configure, maintain, and optimize Microsoft Sentinel and related security monitoring technologies
- Onboard, troubleshoot, and maintain security data sources, integrations, connectors, and telemetry pipelines
- Monitor telemetry health and resolve ingestion, visibility, normalization, and data quality issues
- Develop and optimize KQL queries for investigations, threat hunting, detection logic, and operational analysis
- Perform proactive threat hunting and improve detection logic for accuracy, fidelity, and coverage
- Respond to escalated security incidents, including investigation, containment, remediation, and root cause analysis
- Identify monitoring gaps and implement improvements to strengthen security visibility across the environment
- Develop and maintain operational playbooks, automation workflows, and response procedures
- Collaborate with IT, cloud, infrastructure, and development teams to strengthen security controls and monitoring coverage
Skills
- 5+ years of experience in cybersecurity operations, incident response, threat detection, security engineering, or security monitoring
- Hands-on experience administering and optimizing Microsoft Sentinel in a production environment
- Strong proficiency with Kusto Query Language (KQL) for investigations, threat hunting, detection development, and telemetry analysis
- Experience onboarding, troubleshooting, and maintaining SIEM data sources and security integrations
- Strong understanding of security telemetry, log ingestion, data normalization, detection logic, and monitoring effectiveness
- Experience identifying and resolving visibility gaps, ingestion issues, and monitoring deficiencies
- Experience performing root cause analysis of security incidents, alert quality issues, and monitoring failures
- Hands-on experience with Azure Monitor, Log Analytics, and Entra ID
- Proficiency with Python and/or PowerShell for automation and operational support
- Excellent communication and collaboration skills
- Ability to operate independently and take ownership of outcomes in a fast-paced environment
- Hands-on expertise with CrowdStrike Falcon
- Experience with Defender XDR, Splunk, osquery, and AWS environments
- Experience building detections, analytics rules, automation workflows, or security monitoring content
- Experience with Power BI or other data visualization platforms
- GIAC, GCFA, GCFR, or similar certifications
Company Overview