Tier I Incident Responder
Listed on 2026-01-10
IT/Tech
Cybersecurity, Security Manager, IT Support
Pueo is known for bringing the best talent and unique tools to every opportunity. Pueo's Parliament (aka workforce) is composed of professionals who are seeking the opportunity to work in a business organization that thrives on career development and independence. In support of mission and professional growth, our Parliament has supported the development of multiple patents, proprietary tools, and applications as well as trademarked processes.
Our organization emphasizes career development across multiple career environments (at the member's own pace) and ensures those who contribute broadly are properly rewarded. Pueo has four career environments in which every member of the Parliament can participate. Each environment has opportunities available at all levels. Opportunities are framed by an employee's desires and capabilities, and we ensure challenges, growth, and unique experiences are available for employees at all levels.
Our Career Environments (Program, Functional, Service, and Leadership) provide numerous opportunities for employees to invest in their personal growth and those things that offer fulfillment. We invest in helping our members create and execute their career development plans. Our Pods (small teams of 5 or less) are comprised of personnel with similar skillsets to ensure mentorship, understanding, and peer support.
OVERVIEW: The Tier 1 Incident Responder plays a critical entry-level role in supporting the company's cybersecurity operations. This position is ideal for individuals seeking to launch or advance their career in cybersecurity by actively contributing to incident response and security monitoring. As a Tier 1 responder, you will be responsible for real-time monitoring of security alerts and events, conducting initial triage of potential threats, and escalating incidents as needed.
You will assist with tuning detection & response tools, as well as building dashboards to improve visibility of risk through meaningful representations of data.
This role offers hands-on experience working within a Security Operations Center (SOC) environment, where you will learn to identify suspicious activity, analyze security data, and contribute to maintaining the effectiveness of incident response processes. You will work closely with experienced responders and engineers, gaining valuable mentorship and exposure to best practices in threat detection, compliance monitoring, and incident handling. The ideal candidate is enthusiastic about cybersecurity, has completed relevant training or possesses practical experience supporting incident response, and is eager to develop technical skills while making an immediate impact on organizational security.
GENERAL DUTIES:
- Security Monitoring & Alert Triage
  - Perform real-time monitoring of security alerts and events using Microsoft Defender for Cloud, with response actions in Defender, Entra, and Intune.
  - Conduct initial triage of potential threats, validate true positives vs. false positives, and escalate incidents according to SOC procedures.
  - Document triage findings, timelines, and escalation notes in case management systems to ensure accurate incident tracking.
- Incident Response Support
  - Perform evidence gathering, contextual analysis, and initial containment steps based on predefined playbooks, in coordination with the IT Director and CTO.
  - Help identify patterns of suspicious behavior, account misuse, device compromise, or policy violations using Microsoft security tools.
  - Participate in post-incident reviews by providing notes, data, and observations from Tier 1 analysis.
- Threat Hunting Assistance
  - Support basic threat-hunting activities by reviewing Defender, Entra, and Intune logs for anomalies, suspicious authentications, device health issues, or emerging indicators of compromise.
  - Surface trends or recurring alerts that may indicate misconfigurations or new attack techniques.
- Configuration, Policy, & Detection Maintenance
  - Assist with updating and tuning security policies, rules, and configurations in:
    - Microsoft Defender for Cloud (Azure Defender)
    - Microsoft Entra (Identity Protection, Conditional Access)
    - Microsoft Intune (device compliance & endpoint security)
  - Support optimization of alert rules, thresholds, and baselines to improve fidelity and reduce false positives.
  - Contribute to maintaining and improving dashboards, workbooks, and security visualizations for operational reporting.
- Operational Support & Documentation
  - Maintain accurate documentation of processes, configurations, and SOPs related to Tier 1 responsibilities.
  - Follow established SOC workflows and contribute feedback to enhance operational maturity.
  - Collaborate closely with senior analysts, engineers, and SOC leadership to improve monitoring and IR processes.
- High school diploma or equivalent (Associate's or Bachelor's degree nice to have but not required).
- Security Operations Fundamentals
  - Understanding of core SOC functions, including alert monitoring, log analysis, incident triage, escalation, and…