Make Your Resume Now

Cybersecurity Analyst

Embark
Uganda
Posted February 23, 2026
Fixed Term Contract $115,000 - $138,000 / year

Job Overview

Role Summary 

We are seeking a Contract Security Analyst with hands-on experience across Netskope SSE, Microsoft Purview (full DLP), Microsoft Defender, and Arctic Wolf MDR. This role blends security operations, incident response, and data loss prevention engineering, supporting both daytoday alert handling and continuous improvement of detection and data protection controls. 

The analyst will act as a key technical partner to internal IT teams and the Arctic Wolf SOC, helping reduce risk, improve signal quality, and ensure strong visibility and control over cloud usage and sensitive data. 

Key Responsibilities


1. Security Monitoring, Investigation & Incident Response 
  • Monitor, triage, and investigate security alerts originating from: 
  • Arctic Wolf MDR 
  • Microsoft Defender (Endpoint, Identity, Office 365, Cloud Apps) 
  • Netskope SSE (SWG, CASB, ZTNA, Threat Protection, DLP) 
  • Perform incident response activities including: 
  • Alert validation, scoping, and root-cause analysis 
  • Endpoint, identity, cloud, and SaaS activity investigation 
  • Containment actions (account suspension, device isolation, session revocation, policy enforcement) 
  • Work closely with Arctic Wolf on: 
  • Case escalations and response coordination 
  • Validation of detections and recommended actions 
  • Produce clear incident documentation, including: 
  • Timelines, affected assets, impact assessment, and remediation steps 
 

2. Detection Engineering & Alert Tuning (NonSIEM) 
  • Tune and optimize detections and policies directly within: 
  • Microsoft Defender portals (no Sentinel) 
  • Netskope security and DLP policies 
  • Arctic Wolf escalation criteria and response workflows 
  • Reduce alert fatigue by: 
  • Eliminating false positives 
  • Aligning severity with business impact 
  • Improving investigation context and signal fidelity 
  • Contribute to detection coverage for: 
  • Identity compromise and OAuth abuse 
  • Malware, ransomware, and lateral movement 
  • Risky SaaS usage and anomalous cloud behavior 
  • Data exfiltration and policy violations 
 

3. Data Loss Prevention & Information Protection 
  • Administer and enhance Microsoft Purview Information Protection and DLP, including: 
  • Sensitivity labels and label policies 
  • DLP policies across Exchange, SharePoint, OneDrive, and Teams 
  • Alert triage and incident follow-up for DLP eventsup for DLP events 
  • Design, implement, and tune Netskope DLP
  • Inline and at rest controls across web and cloud appsrest controls across web and cloud apps 
  • Classification, fingerprinting, and structured/unstructured data detection 
  • Partner with business and privacy stakeholders to: 
  • Translate data protection requirements into enforceable controls 
  • Implement exception handling and user education workflows 
  • Balance risk reduction with business usability 
  • Track and report on DLP effectiveness and trends 
 

4. Netskope SSE Platform Operations 
  • Support the full Netskope SSE stack, including: 
  • Secure Web Gateway (SWG) 
  • CASB (managed and unmanaged apps) 
  • ZTNA 
  • Threat Protection 
  • DLP 
  • Monitor policy health, coverage, and enforcement effectiveness 
  • Identify and remediate gaps in visibility, control, or logging 
  • Support investigations involving risky apps, shadow IT, and cloud misuse 
 

5. Platform Hygiene, Documentation & Reporting 
  • Validate security tool coverage and operational health: 
  • Endpoint onboarding and Defender health 
  • Identity and SaaS integrations 
  • Logging completeness and alert flow 
  • Develop and maintain: 
  • Incident response playbooks 
  • DLP and investigation runbooks 
  • Operational procedures and escalation paths 
  • Produce actionable reporting for leadership: 
  • Incident trends, alert quality, DLP metrics, and risk themes 
  • Support knowledge transfer and operational maturity improvements 

Required Skills and Experience

  • 3–5+ years in a Security Analyst, SOC, or Incident Response role 
  • Hands-on experience with: 
  • Microsoft Defender (Endpoint, Identity, Office 365, Cloud Apps) 
  • Microsoft Purview (Information Protection and full DLP) 
  • Netskope (SWG, CASB, ZTNA, DLP, Threat Protection) 
  • Arctic Wolf MDR (case handling, escalations, collaboration) 
  • Strong understanding of: 
  • Cloud and SaaS security threats 
  • Identity-based attacks and phishing 
  • Data protection and regulatory considerations 
  • Incident response lifecycle and MITRE ATT&CK concepts 
  • Ability to clearly document findings and communicate with both technical and nontechnical stakeholders 
 
Nice-to-Have Qualifications 
  • Experience with: 
  • Defender XDR Advanced Hunting 
  • Security policy design for large M365 environments 
  • SaaS governance and cloud risk management 
  • Certifications (preferred but not required): 
  • SC200, SC400, AZ500, Security+, or equivalent 
 
What Success Looks Like 
Within the first 60 days, the contractor is expected to: 
  • Reduce alert noise through documented tuning improvements 
  • Improve clarity and consistency of incident response processes 
  • Deliver measurable improvements in DLP signal quality 
  • Ensure full coverage and operational health across Defender, Netskope, and Purview 
  • Leave behind clear documentation and operational artifacts 
Don’t meet every single requirement? That’s okay. We encourage you to apply anyway. We believe in investing in potential and supporting our team members as they grow into their roles. If this opportunity excites you, but your experience doesn’t align perfectly, we still want to hear from you. 

Ready to Apply?

Take the next step in your career journey

Apply Show More Jobs

Stand out with a professional resume tailored for this role

Build Your Resume – It’s Free!