Senior Security Analyst (Microsoft Stack) at ACCESA — IT Jobs List
Posted 1 week ago
ACCESA

Senior Security Analyst (Microsoft Stack)

Undisclosed
Estimate 1,550 - 3,950 EUR Gross / month · Based on 82 similar listings
Employees can work remotely, ROMANIA, Romania
Remote
Full-time

Job description

This is a remote position.

We are looking for a Senior Security Analyst (Microsoft Stack).

We offer a full-time position.

Additional information

Job Description

About the Team & Culture

You will be joining a team that operates as consultants and partners to our clients, helping them innovate their existing processes and tools. We are focused on efficiency, strong communication, and sustainable learning paths. You will have an impact on the project’s evolution and the chance to contribute your own ideas to build successful client relationships.

The Role

The Senior Security Analyst operates at the nexus of expertise and leadership within our Security Operations Center (SOC). With a primary focus on Incident Response mastery within the Microsoft ecosystem, you will lead the charge in safeguarding our organization against cyber threats. This role goes beyond reacting to incidents; it entails proactive defense using Microsoft Sentinel and the Defender XDR suite. You will collaborate with engineering teams to upgrade security tools, identify gaps in the MITRE ATT&CK coverage, and advocate for enhancements that bolster our posture.

Key Responsibilities

Operations (Threat Detection & Incident Response)

  • Incident Response Mastery: Lead the investigation of high-severity incidents using the Microsoft Defender Portal. Analyze "Attack Stories" to determine the root cause (e.g., patient zero), scope of compromise (lateral movement), and immediate containment actions (e.g., isolating endpoints via MDE).
  • Advanced Threat Hunting: Proactively hunt for undetected threats using KQL (Kusto Query Language) across Advanced Hunting tables. Develop hypotheses based on threat intelligence and validate them against data from Defender for Endpoint, Identity, and Cloud Apps.
  • Detection Engineering: Tune and optimize Sentinel Analytics Rules to reduce false positives. Collaborate with the SOC Architect to translate "hunt findings" into permanent detection logic.
  • Tool Optimization: Identify gaps in log visibility (e.g., missing Sysmon or firewall logs) and advocate for new Data Connectors or content integrations.
  • Automation: Leverage Automated Investigation & Response (AIR) capabilities in Defender for Office 365 and Endpoint to handle volume, and identify opportunities for SOAR playbooks (Logic Apps).

Business (Strategy & Risk)

  • Risk Assessment: Conduct assessments using Microsoft Secure Score and Exposure Management to identify critical vulnerabilities that could impact business operations.
  • Impact Analysis: Assess the potential business impact of security incidents (e.g., distinguishing between a test server and a production financial database) to prioritize response efforts effectively.
  • Compliance & Reporting: Provide expert guidance on regulatory compliance (GDPR, ISO 27001) by utilizing Microsoft Purview compliance signals and ensuring retention policies in Log Analytics Workspaces meet legal obligations.
  • Resilience: Contribute to business continuity planning by ensuring that "Break Glass" accounts and recovery procedures are tested and functional within the Azure tenant.

People (Leadership & Mentorship)

  • Mentorship: Act as a technical beacon for Junior/Mid analysts. Guide them through complex investigations in Sentinel, teaching them how to pivot effectively between data tables (e.g., DeviceNetworkEvents to IdentityLogonEvents).
  • Performance & Growth: Conduct regular code reviews of KQL queries written by the team and provide constructive feedback to optimize performance and accuracy.
  • Recruitment & Onboarding: Participate in technical interviews for new team members, ensuring they possess the necessary Microsoft ecosystem knowledge to integrate quickly.

Qualifications

Technical Expertise:

  • 5+ years of experience in SOC or Incident Response.
  • Microsoft Sentinel: Deep proficiency in managing incidents, creating Watchlists, and writing complex KQL (joins, aggregations, visualizations).
  • Microsoft Defender XDR: Hands-on mastery of Defender for Endpoint (MDE), Defender for Identity (MDI), and Defender for Cloud Apps (MDA).
  • Frameworks: Strong application of the MITRE ATT&CK framework to map detection coverage.
  • Scripting: Ability to read/write PowerShell for analysis or automation.

Soft Skills:

  • Consultative Approach: Ability to explain technical risks to non-technical business stakeholders.
  • Communication: Excellent written and verbal communication in English (German is a strong plus).
  • Proactive Mindset: A history of self-driven learning (e.g., setting up a home lab, following security researchers).

Nice to Have:

  • Certifications: Microsoft SC-200 (Security Operations Analyst) is highly desired. SC-100 or AZ-500 are strong additions.
  • Experience with Logic Apps and SOAR workflow design.

Additional Information

At Accesa you can enjoy our holistic benefits program that covers the four pillars that we believe come together to support our wellbeing, covering social, physical, emotional wellbeing, as well as work-life fusion.

  • Physical Wellbeing: Our wellbeing program includes medical benefits, gym support, and personalised fitness options for an active lifestyle, complemented by team events and the Healthy Habits Club.
  • Work-Life Fusion: In very dynamic industries such as IT, the line between our professional and personal lives can quickly become blurred. Having a one-size-fits-one approach gives us the flexibility to define the work-life dynamic that works for us.
  • Emotional Wellbeing: We believe that to maintain our overall health, we need to invest in our mental wellbeing just as much as we do in our physical health, social connections or in achieving work-life balance.
  • Social Wellbeing: As a growing community in a hybrid environment, we want to ensure we remain connected not just by the great work we do every day but through our passions and interests.

Company Description

Accesa is a leading technology company headquartered in Cluj-Napoca, with offices in Oradea and 20 years of experience in turning business challenges into opportunities and growth. A value-driven organisation, it has established itself as a partner of choice for major brands in Retail, Manufacturing, Finance, and Banking. It covers the complete digital evolution journey of its customers, from ideation and requirements setup to software development and managed services solutions. With more than 1,200 IT professionals, Accesa also has a fast-growing footprint, establishing itself as an employer of choice for IT professionals who are passionate about problem-solving through technology. Coming together in strong tech teams with a customer-centric approach, they enable businesses to grow, delivering value for our clients, partners, industry, and community.

Contract details

Employment type Full time
Contract type Full-time employee

Pre-apply checklist

Quickly verify the listing has the essentials so you can compare offers fairly.

  • Is the salary gross or net, and what period is it for?
  • Is it employee (CIM) or contractor (B2B/PFA/SRL)?
  • What does “remote/hybrid” mean in practice (office days, overlap)?
  • Is the scope and seniority level clear?

How to evaluate this job (beyond the title)

A strong application is not just “I know the stack”. It’s proof you can deliver outcomes in this specific context: team setup, constraints, seniority expectations, and the way success is measured. Use this checklist to decide whether to apply and what to highlight.

Clarify scope and expectations

Many ads are intentionally broad. Your job is to identify the core responsibilities and whether they match your strengths today.

  • Look for ownership signals: “design”, “architecture”, “lead”, “on-call”, “mentoring”.
  • Check if the role is feature delivery vs platform/infra vs maintenance.
  • If the description is short, use company size + industry + stack to infer the likely day-to-day.

Validate work setup and collaboration

Remote/hybrid/office labels are not enough. The real constraints are overlap hours, office days, and communication style.

  • Confirm whether “remote” is worldwide/EU/Romania-only and whether overlap hours are required.
  • For hybrid roles, ask how many days per week and whether they are fixed or flexible.
  • Check language requirements and cross-team dependencies (product, design, stakeholders).

Compare compensation realistically

To compare two offers, normalize everything to the same baseline and contract type. If salary is undisclosed, build a range based on market and validate early.

  • Normalize gross vs net and month vs year before you compare.
  • For B2B, account for taxes, accounting, unpaid time off, and risk.
  • Use market data as a sanity check, then negotiate with evidence (impact, scope, seniority).
