Security Analyst - Houston, TX
Zedcor-Security-Solutions
- Houston, Texas, United States
About
Position Overview
The Security Analyst is responsible for ensuring that the organization’s security logs, alerts, and telemetry are properly collected, monitored, routed, and maintained across the enterprise. The primary focus is Microsoft Sentinel SIEM operations, log ingestion health, alert collection, rule validation, and monitoring coverage across all systems and devices. The analyst identifies logging gaps, resolves ingestion issues, creates and tunes alert rules, validates feeds, and ensures the SIEM provides accurate visibility into the environment.
Key Responsibilities
Operate and maintain Microsoft Sentinel as the organization’s primary SIEM platform.
Ensure all required security logs and alerts are collected, routed, and visible in Sentinel and other approved monitoring platforms.
Monitor Sentinel data connectors, agents, ingestion pipelines, parsers, workbooks, analytic rules, and incident creation.
Validate that logs and alerts are collected from all approved sources, including endpoints, servers, cloud platforms, network devices, IoT devices, cameras, and security tools.
Troubleshoot and resolve log ingestion failures, connector issues, parser errors, agent failures, missing data, delayed logs, and alert routing issues.
Maintain an inventory of log sources, alert sources, collection methods, data connectors, and monitoring coverage.
Configure, validate, and maintain Microsoft Sentinel data connectors and analytics rules.
Create, tune, and maintain Sentinel alerts, incidents, workbooks, dashboards, watchlists, and automation rules.
Use KQL to validate log ingestion, review alert data, investigate anomalies, and support threat hunting.
Document Sentinel configurations, alert logic, ingestion sources, and operational procedures.
Ensure Windows and Linux systems are properly configured to send logs to Sentinel and other monitoring platforms.
Validate Windows Event Logs and Linux authentication logs, troubleshoot logging agents and connectors, and work with IT to adjust audit policies.
Ensure Azure, Microsoft 365, Entra ID, Exchange, Defender, and Purview logs are properly collected and monitored.
Validate Tenable Vulnerability Management scan results and ensure critical findings are routed to the correct dashboards, reports, tickets, or monitoring workflows.
Coordinate with Arctic Wolf to ensure required logs, feeds, and alerts are properly forwarded and monitored.
Collect logs and alerts from infrastructure devices such as firewalls, switches, routers, modems, VPN appliances, cameras, IoT devices, printers, servers, and cloud platforms.
Maintain SOAR playbooks related to alert handling, enrichment, routing, notification, ticket creation, and escalation.
Support automated response workflows for approved use cases and validate that automated actions are triggered by the correct Sentinel alerts and incidents.
Use Sentinel, KQL, Arctic Wolf findings, Microsoft Defender alerts, Tenable findings, and collected logs to hunt for suspicious activity.
Produce recurring reports on Sentinel ingestion health, log source availability, alert source availability, connector health, alert rule status, Tenable data status, Arctic Wolf feed status, Microsoft cloud logging status, and network/IoT device logging status.
Support audits, compliance reviews, cyber insurance requests, and internal risk reviews by providing evidence of log collection and alert monitoring.
Qualifications
Experience with Microsoft Sentinel or another SIEM platform.
Experience with log collection, alert collection, SIEM monitoring, and security event analysis.
Working knowledge of Windows and Linux operating systems.
Experience troubleshooting Windows and Linux system logs, syslog, authentication logs, and security audit logs.
Familiarity with Microsoft Azure, Microsoft 365, Exchange, Entra ID, Microsoft Defender, and Microsoft Purview logging.
Familiarity with vulnerability management tools such as Tenable, Nessus, Qualys, Rapid7, or similar.
Ability to troubleshoot data connectors, logging agents, syslog forwarding, API integrations, audit policies, and alert routing.
Basic understanding of firewalls, switches, routers, modems, wireless networks, servers, endpoints, cloud systems, cameras, and IoT devices.
Ability to create, review, validate, and tune SIEM alert rules.
Strong analytical, documentation, and problem‑solving skills.
Why Join Zedcor?
At Zedcor, you won’t just maintain systems; you’ll help build and shape the future of security technology. We provide the tools, mentorship, and environment to help you thrive and grow in your technical career, offering a dynamic and rewarding opportunity to take your skills to the next level.
Equal Employment Opportunity Statement
Zedcor Inc. is an Equal Opportunity Employer and maintains a policy of recruiting and retaining the best-qualified personnel who demonstrate the ability to perform competently and work well with others. The policy of nondiscrimination is applied to all aspects of the employment relationship. The Company complies with the Americans with Disabilities Act (ADA) and applicable state and local laws in ensuring equal opportunity and employment for qualified persons with disabilities. We also consider qualified applicants with criminal histories, consistent with legal requirements.
EEO is the Law – Notice of Applicant Rights Under the Law.
Language skills
- English
Note for users
This job listing comes from a partner platform of TieTalent. Click "Apply now" to submit your application directly on their website.