Wintrio LLC · SOC Tier II Analyst, Advanced Investigation · Remote · Full time

About Wintrio LLC

WINTrio is an 8(a) and HUBZone organization with a successful record of delivering high-quality technical and professional services to federal and commercial customers, including USCIS and Walmart. WINTrio manages and improves overall performance through IT Modernization practices. Our team of seasoned Cyber Security, Cloud/DevSecOps, software, and Support experts helps your organization secure its digital environment with innovative, bleeding-edge technology solutions based on best practices and approved industry standards. We deliver a 360-degree spectrum of Systems Integration services, from inception to project delivery. At WINTrio we provide tailored services to meet all your business needs.

Description

SOC Tier II Analyst, Advanced Investigation 

Company Overview 

WINTrio LLC (WINTrio) is a leading provider of Cyber/DevSecOps, Cloud, Artificial Intelligence (AI)/Machine Learning (ML), and Agile Software Development solutions. We collaborate closely with federal and commercial clients to solve complex technical challenges by delivering innovative, agile, and cost-effective solutions. Our team is empowered to think creatively and deliver impactful results that drive measurable value. 


Role: SOC Tier II Analyst 

Location: Remote 

Client: Long-term Federal/Public Sector 

Work Authorization: US Citizen or Green Card preferred; must be able to pass federal background and suitability requirements. 

Job Summary: 

As a SOC Tier II Analyst, you will perform advanced investigation of escalated alerts and incidents across Microsoft Sentinel, Microsoft Defender, identity, cloud, endpoint, email, network, SQL, GitHub, and backup environments. This role requires strong analytical ability, KQL skills, incident documentation, and the ability to distinguish real security threats from noise and false positives. 

Key Responsibilities: 

  • Investigate escalated alerts from Tier I analysts and automated enrichment workflows.  
  • Conduct event correlation across Sentinel, Defender XDR, Entra ID, AWS, firewalls, VPN, Proofpoint, GitHub, SQL, and endpoint telemetry.  
  • Use KQL to query, validate, and enrich security events.  
  • Analyze suspicious login activity, MFA failures, endpoint detections, lateral movement, malware, phishing, data exfiltration, and administrative changes.  
  • Document investigation steps, findings, containment recommendations, and escalation decisions.  
  • Support monthly threat hunting activities and use case validation.  
  • Recommend tuning changes to reduce false positives and improve detection accuracy.  
  • Support incident response, reporting, purple team exercises, and post-incident lessons learned.  

Required Qualifications: 

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field, or equivalent experience.  
  • 5+ years of SOC, cybersecurity operations, incident response, threat monitoring, or SIEM investigation experience.  
  • Hands-on experience with Microsoft Sentinel and KQL.  
  • Experience investigating endpoint, identity, cloud, phishing, network, and privileged access events.  
  • Strong understanding of MITRE ATT&CK, NIST incident response lifecycle, and federal cybersecurity practices.  
  • Ability to write clear, actionable investigation summaries for technical and non-technical audiences.  

Tools and Preferred Qualifications: 

  • Microsoft Sentinel, Defender XDR, Microsoft Defender for Endpoint (MDE), Microsoft Defender for Identity (MDI), Entra ID, AWS CloudTrail, VPC Flow Logs.  
  • Proofpoint TAP/TRAP, Cisco, Check Point, iboss, VPN, GitHub, SQL Server auditing, Veeam.  
  • Certifications preferred: GCIH, GCIA, CySA+, CEH, SC-200, CISSP, Security+.  

Benefits 

  • Medical, Dental, and Vision Insurance 
  • FSA & HSA options 
  • 401(k) Retirement Plan 
  • Annual Bonus & Profit Sharing 
  • Paid Time Off (PTO) & Vacation 
  • Employee Assistance Program (EAP) 
  • Life & Disability Insurance 


Why Join WINTrio? 

WINTrio is a people-first, employee-driven organization. We offer opportunities to grow across emerging technologies, program management, and business development while working on high-impact federal initiatives. 


Equal Opportunity Employer 

WINTrio LLC is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration without regard to race, color, religion, sex, gender identity, national origin, age, veteran status, or disability. 

📩 Apply Now: https://www.wintrio.com/jobs/soc-tier-ii-analyst-advanced-investigation/


Salary

$10,000 - $300,000 per year