Cybersecurity Senior Analyst
Company: CREO
Location: Durham
Posted on: February 18, 2026
Job Description:
OVERVIEW

The Cybersecurity Senior Analyst supports the delivery of cybersecurity consulting services, with a primary focus on Microsoft security technologies (Microsoft 365, Azure, Microsoft Defender, and Microsoft Sentinel). This role is hands-on in client environments and works closely with consulting leads who manage most client communications. The Senior Analyst executes assigned technical tasks, performs analysis, and produces high-quality documentation and deliverables that consultants use in client presentations and recommendations.

This position is ideal for someone who is comfortable operating independently on defined workstreams (e.g., vulnerability management, security monitoring support, identity reviews, configuration assessments) while still collaborating closely with senior consultants/architects for direction and quality assurance.

POSITION RESPONSIBILITIES

1. Engagement Delivery Support (Consultant-led execution)
- Execute scoped technical tasks in client environments under direction of the engagement Consultant/Lead (e.g., configuration exports, evidence capture, running approved scripts/queries, validating settings).
- Track assigned tasks, dependencies, and blockers; escalate issues early with proposed options.
- Coordinate primarily with internal consulting staff; join select client meetings as needed for technical context or note-taking (client communication typically routed through the Consultant/Lead).

2. Microsoft Identity & Access Management Support (Entra ID / Azure AD)
- Perform identity posture reviews: privileged role assignments, admin hygiene, MFA coverage, legacy authentication exposure, risky sign-ins context gathering, and guest/external access posture.
- Support Conditional Access initiatives by documenting policy intent, performing impact analysis (who/what is affected), validating implementation results, and capturing evidence.
- Assist with access governance activities (e.g., access reviews status, group/role hygiene, application registration/service principal inventory support).

3. Microsoft 365 Email & Collaboration Security Support
- Support validation of key M365 security controls such as anti-phishing/anti-spam policy posture, Safe Links/Safe Attachments configuration evidence, and tenant security settings.
- Assist with basic domain/email authentication posture checks (SPF/DKIM/DMARC status documentation and recommendations).
- Support evidence gathering and documentation for collaboration/data controls (e.g., SharePoint/OneDrive sharing posture, baseline checks) as scoped by the engagement lead.

4. Endpoint & Device Security Support (Defender, SentinelOne, Intune, JAMF)
- Validate endpoint security onboarding coverage and basic posture (e.g., sensor health, policy application status, and tamper protection evidence).
- Support collection of endpoint investigation context (alert/device timeline exports, event/log context gathering) as permitted by client procedures.
- Assist with documenting endpoint hardening gaps and recommended next steps for Consultant review.

5. Security Monitoring Support (Microsoft Sentinel / Microsoft Defender)
- Support monitoring operations: incident queue review support, connector health checks, data onboarding validation, and log source verification.
- Write, adapt, and run KQL queries to support investigations, reporting, and validation of detections (within defined scope and review processes).
- Assist with documentation of analytics rules, triage guidance, escalation criteria, and operational runbooks; propose tuning recommendations based on alert quality/noise.

6. Vulnerability Management & Exposure Support
- Coordinate vulnerability scanning (e.g., Tenable/Qualys): scheduling, scope validation, credentialed scan setup (where applicable), and scan quality troubleshooting.
- Normalize results, validate false positives, and organize findings into actionable themes for remediation planning.
- Maintain remediation trackers, support retesting/closure evidence, and produce executive summaries of metrics and trends.

7. Azure Security Support
- Support Azure posture reviews through evidence collection and validation of secure configuration items (e.g., RBAC review inputs, logging/diagnostics settings, resource inventory exports).
- Assist with triage/documentation of Microsoft Defender for Cloud recommendations and improvement plans.
- Support collection of evidence aligned to secure landing zone principles.

8. Incident Response Support
- Support investigations by gathering artifacts/logs, building basic timelines, and documenting actions taken.
- Follow defined playbooks and escalation criteria; assist with containment actions only when directed and approved.
- Support tabletop exercises and post-incident documentation (lessons learned, playbook updates).

9. Reporting, Deliverables, and Quality Control
- Draft findings, evidence narratives, and remediation recommendations for Consultant review.
- Build and maintain engagement artifacts (spreadsheets, trackers, diagrams, working papers, dashboards) used in client-ready deliverables.
- Perform QA on deliverables and evidence: accuracy checks, consistency, completeness, and professional presentation.

REQUIRED QUALIFICATIONS, SKILLS, AND EXPERIENCE
- 3-5 years in cybersecurity.
- Microsoft 365 administration and security configuration experience.
- Experience with PowerShell scripting (module development, Graph API, REST), automation runbooks, and CLI tooling.
- Hands-on IAM engineering: Conditional Access, MFA/passwordless, PIM/JIT, RBAC, access reviews, and user lifecycle (joiner/mover/leaver).
- Azure and Microsoft security engineering: Sentinel, Defender for Cloud, Microsoft 365 Defender, secure landing zones, logging/monitoring.
- Strong analytical and communication skills.
- Bachelor’s degree in a relevant field or equivalent experience.

CERTIFICATIONS (Current or within 6 months)
- Microsoft Certified: Identity and Access Administrator Associate (SC-300).
- Microsoft Certified: Azure Security Engineer Associate (AZ-500).
- Strongly preferred: Cybersecurity Architect Expert (SC-100); Security Operations Analyst Associate (SC-200); CompTIA Security.

ADDITIONAL DESIRED, BUT NOT REQUIRED
- Experience integrating CrowdStrike Falcon with Microsoft security tools.
- Experience with Infrastructure-as-Code (Bicep/Terraform) and policy (Azure Policy, Defender for Cloud).
- Scripting beyond PowerShell (e.g., Python) for data analysis and automation.
- Experience with data protection and compliance controls (DLP, Purview).

Priority

This role is open to remote candidates; however, preference will be given to those located in the Durham, NC area.

Please note: This application may be reviewed in part by automated systems to help identify qualified candidates.