Your day starts with reviewing the latest alerts in Microsoft Sentinel and Defender XDR. A login attempt from an unusual location catches your eye. You dig in, correlate logs, and confirm it’s a phishing attempt. You isolate the account, raise an incident, and work with IT to strengthen MFA rules
Later, you join a threat hunting session with senior analysts, tuning detection rules and testing new use cases. In the afternoon, you validate new log sources, write documentation for a recent incident, and share insights with the team.
Every day you’re learning, not just tools and techniques, but how to think like an attacker and respond like a defender.
Furthermore:
-
Monitor & detect: Analyse alerts and events in Microsoft Sentinel and Defender XDR, validate and investigate alerts, and support continuous tuning of detection logic;
-
Respond: Support investigations and coordinate response actions, document findings, remediation steps, and lessons learned;
-
Hunt & improve: Participate in threat hunting sessions and help fine-tune detection logic and alert quality;
-
Analyse: Conduct basic malware and behavioral analysis to support incident investigations, escalating complex cases to senior analysts;
-
Support vulnerability management: Review scan results and help coordinate remediation with IT teams;
-
Enhance telemetry: Assist in log onboarding and data validation across endpoints and cloud systems;
-
Collaborate & grow: Work closely with senior analysts, improve playbooks, and continuously expand your skills.