Join Sri Lanka’s Great Place to Work-awarded organization, Tech One Lanka!
We are an organization that celebrates the diversity of our teams, where everyone can be themselves and is empowered to do their best work. Our purpose is to build an empowered community with empathy and a growth mindset, creating innovative solutions that achieve remarkable results. We foster a safe space for everyone to learn, grow, and have fun, which is why our people can’t believe that their work here is actually a job. Innovation is at the heart of everything we do: every day our people get to imagine new possibilities, take magnificent risks, fail spectacularly, and succeed in spaces no one has dared to venture into before.
What’s in it for you :
Here at Tech One, you’ll have the opportunity to make an impact by contributing to our global projects and working with diverse talented individuals across our offices. We promote an always-learning culture and provide our people with vast opportunities for growth. Got any suggestions to make Tech One an even better place to work at? We have a team who listens; share your thoughts and contribute to the changes. Got the skills and right qualities to be part of our awesome team? Competitive remuneration awaits you!
The role in a nutshell:
Tech One Global Lanka Pvt Ltd. is seeking a Cybersecurity Engineer to join our Microsoft Security practice as a technical support specialist. This role is responsible for the triage, investigation, and resolution of Microsoft security support cases across a managed customer portfolio, spanning Sentinel, Defender XDR, Entra ID, and baseline Azure and M365 security configurations. Operating at L1 and L2 tiers, you will manage incidents within defined SLAs, engage directly with customer security contacts, and escalate effectively to senior engineers. The role includes participation in an on-call roster and an extended-hours schedule on a rotational basis.
What you will do in this role:
- Ticket Triage & SLA Management: Demonstrate technical maturity in assessing issue severity, scope, and customer impact accurately from the outset, ensuring tickets are correctly prioritized, ownership is established, and SLA milestones are actively tracked from first response through to closure. Escalate L3 issues with clear, well-documented diagnostic findings for efficient senior engineer handover.
- Microsoft Sentinel Support: Monitor and investigate Sentinel workspaces for active incidents, false positives, and data ingestion issues. Perform KQL-based log investigation to triage alerts and identify root cause. Escalate analytics rule tuning, playbook faults, and connector issues to senior engineers with complete diagnostic context.
- Defender XDR Alert Investigation: Investigate alerts across MDE, MDO, and MDI through the unified XDR portal. Perform device, user, and email-based triage, execute basic containment actions where authorized, and produce clear incident summaries and root cause findings for customer communication.
- Entra ID & Identity Support: Diagnose and resolve Conditional Access failures, MFA/SSPR problems, PIM issues, SSO/federation errors, Identity Protection risk events, and Entra Connect sync failures. Escalate complex hybrid identity and advanced risk policy issues with sufficient diagnostic context.
- Broader Security Stack Troubleshooting: Diagnose and resolve support issues across the Microsoft security stack, spanning Defender for Cloud alerts, Security Copilot, Azure Policy compliance issues, RBAC and Key Vault access problems, Intune compliance failures, and M365 baseline security misconfigurations — accounting for hybrid and co-managed endpoint scenarios where cloud and on-premises controls intersect.
- Customer Communication & Reporting: Maintain clear, timely communication with customer contacts, providing status updates, plain-language resolution summaries, and root cause findings. Contribute to monthly security support reporting and participate in service review meetings as required.
- Knowledge Base & Operational Coverage: Document resolution procedures and recurring issue patterns to improve L1 capability and reduce repeat escalations. Participate in an on-call roster and extended hours schedule on a rotational basis to maintain continuous customer SLA coverage.
Required Qualifications
- Bachelor’s degree in Cybersecurity or a related field
- 2–3 years in a security support, SOC analyst, or IT support role within a Microsoft partner or enterprise security environment
- Working knowledge across: Microsoft Sentinel, Defender XDR (MDE, MDO, MDI), Entra ID, Defender for Cloud, Azure Policy, Intune, and M365 baseline security configurations
- Knowledge of on-premises Active Directory, Windows Server, end-user devices, and Group Policy sufficient to support hybrid security troubleshooting
- Strong troubleshooting discipline: methodical, well-documented, and escalation-ready
- Clear written and verbal communication skills under SLA pressure
- Familiarity with an ITSM platform
Preferred Qualifications
- Microsoft certifications: SC-900 (baseline); SC-200, SC-300, or MD-102 in progress or recently completed
- Experience in an MSP/LSP managed security support environment with multi-customer SLA responsibilities
- Basic PowerShell and KQL proficiency for log investigation and diagnostic queries
- Foundational awareness of security frameworks such as NIST CSF, CIS Controls, or ISO 27001
Key Competencies
- Triage Discipline: Demonstrates technical maturity in assessing severity and impact accurately, ensuring correct prioritization and active SLA tracking from first response through to closure
- Investigation Maturity: Works toward root cause methodically across layered security products rather than closing at surface-level symptom resolution
- Escalation Quality: Escalates with complete diagnostic findings, enabling senior engineers to continue without re-investigating from scratch
- Communication Clarity: Translates security findings into clear, jargon-appropriate language for both technical and business contacts
- Continuous Learning: Proactively pursues certifications and tracks Microsoft Security product updates relevant to active customer environments
How to get in touch with us:
Address: Tech One Global Lanka (Pvt) Ltd, No:185/4, Havelock Road, Colombo 05
E-mail your CV to hr@techoneglobal.com along with the contact details of two non-related referees