Security Analyst - Houston, TX

Zedcor Inc. (TSX-V:

ZDC) is revolutionizing physical security by providing mobile surveillance and live monitoring solutions to high‑profile customers across North America.

The Security Analyst is responsible for ensuring that the organization’s security logs, alerts, and telemetry are properly collected, monitored, routed, and maintained across the enterprise. The primary focus is Microsoft Sentinel SIEM operations, log ingestion health, alert collection, rule validation, and monitoring coverage across all systems and devices. The analyst identifies logging gaps, resolves ingestion issues, creates and tunes alert rules, validates feeds, and ensures the SIEM provides accurate visibility into the environment.

• Operate and maintain Microsoft Sentinel as the organization’s primary SIEM platform.
• Ensure all required security logs and alerts are collected, routed, and visible in Sentinel and other approved monitoring platforms.
• Monitor Sentinel data connectors, agents, ingestion pipelines, parsers, workbooks, analytic rules, and incident creation.
• Validate that logs and alerts are collected from all approved sources, including endpoints, servers, cloud platforms, network devices, IoT devices, cameras, and security tools.
• Troubleshoot and resolve log ingestion failures, connector issues, parser errors, agent failures, missing data, delayed logs, and alert routing issues.
• Maintain an inventory of log sources, alert sources, collection methods, data connectors, and monitoring coverage.
• Configure, validate, and maintain Microsoft Sentinel data connectors and analytics rules.
• Create, tune, and maintain Sentinels alerts, incidents, workbooks, dashboards, watchlists, and automation rules.
• Use KQL to validate log ingestion, review alert data, investigate anomalies, and support threat hunting.
• Document Sentinel configurations, alert logic, ingestion sources, and operational procedures.
• Ensure Windows and Linux systems are properly configured to send logs to Sentinel and other monitoring platforms.
• Validate Windows Event Logs and Linux authentication logs, troubleshoot logging agents and connectors, and work with IT to adjust audit policies.
• Ensure Azure, Microsoft 365, Entra , Exchange, Defender, and Purview logs are properly collected and monitored.
• Validate Tenable Vulnerability Management scan results and ensure critical findings are routed to the correct dashboards, reports, tickets, or monitoring workflows.
• Coordinate with Arctic Wolf to ensure required logs, feeds, and alerts are properly forwarded and monitored.
• Collect logs and alerts from infrastructure devices such as firewalls, switches, routers, modems, VPN appliances, cameras, IoT devices, printers, servers, and cloud platforms.
• Maintain SOAR playbooks related to alert handling, enrichment, routing, notification, ticket creation, and escalation.
• Support automated response workflows for approved use cases and validate automated actions trigger from correct Sentinel alerts and incidents.
• Use Sentinel, KQL, Arctic Wolf findings, Microsoft Defender alerts, Tenable findings, and collected logs to hunt for suspicious activity.
• Produce recurring reports on Sentinel ingestion health, log source availability, alert source availability, connector health, alert rule status, Tenable data status, Arctic Wolf feed status, Microsoft cloud logging status, and network/IOT device logging status.
• Support audits, compliance reviews, cyber insurance requests, and internal risk reviews by providing evidence of log collection and alert monitoring.

• Experience with Microsoft Sentinel or another SIEM platform.
• Experience with log collection, alert collection, SIEM monitoring, and security event analysis.
• Working knowledge of Windows and Linux operating systems.
• Experience troubleshooting Windows and Linux system logs, syslog, authentication logs, and security audit logs.
• Familiarity with Microsoft Azure, Microsoft 365, Exchange, Entra , Microsoft Defender, and Microsoft Purview logging.
• Familiarity with vulnerability management tools such as Tenable, Nessus, Qualys, Rapid7, or similar.
• Ability to troubleshoot data connectors, logging agents,…