Lennox International

Sr Security Analyst - Cloud Security

Job Location: IN-Chennai
Requisition #: 2026-52436
Category: Information Technology
Shift / Hours: Regular

Company Profile

Lennox (NYSE: LII). Driven by 130 years of legacy, HVAC and refrigeration success, Lennox provides our residential and commercial customers with industry-leading climate-control solutions. At Lennox, we win as a team, aiming for excellence and delivering innovative, sustainable products and services. Our culture guides us and creates a workplace where all employees feel heard and welcomed. Lennox is a global community that values each team member’s contributions and offers a supportive environment for career development. Come, stay, and grow with us.

Job Description

We are seeking a Cloud Security Analyst (IC2) to strengthen cloud security monitoring, detection engineering, and posture management across Azure environments. This position involves developing and optimizing Sentinel analytics rules, ingesting hybrid and on-premises logs, and managing Defender for Cloud operations. The analyst will partner with SOC, Cloud CoE, Infrastructure, and DevOps teams to improve Secure Score, reduce vulnerabilities, and operationalize actionable detections aligned to MITRE ATT&CK.

Role Summary

  • Develop, test, deploy, and fine‑tune Microsoft Sentinel analytics rules (scheduled/NRT), including entity mapping, incident grouping, and alert thresholds to minimize false positives and improve signal quality.
  • Create and maintain KQL queries for detection engineering, threat hunting, and operational dashboards/workbooks; document detection logic, assumptions, and expected outcomes.
  • Integrate and onboard data sources into Microsoft Sentinel, including Azure-native logs (Activity, Diagnostics, Azure resource logs, Entra ID/Azure AD logs, Defender alerts) and on-prem/hybrid sources (Syslog/CEF/Windows events) using modern ingestion patterns.
  • Perform data ingestion troubleshooting (missing data, parsing issues, normalization), validate data quality, and ensure appropriate retention/coverage for security investigations and audit needs.
  • Operate Microsoft Defender for Cloud for posture management: review recommendations, prioritize remediation, track Secure Score improvement, and coordinate fixes with resource owners.
  • Support vulnerability reduction initiatives (SQL/VM/container findings), validate remediation, and report progress with clear metrics and evidence.
  • Conduct security investigations and triage cloud-related alerts/incidents; collect artifacts, validate user/activity context, and collaborate with SOC/IRT on containment, recovery, and lessons learned.
  • Contribute to container security monitoring (AKS/ACR) by supporting baseline hardening, vulnerability assessment workflows, and runtime alert review in partnership with platform teams.
  • Maintain SOPs/runbooks for Sentinel and Defender for Cloud operations (rule lifecycle, tuning, connector onboarding, investigation playbooks).
  • Assist with periodic control checks and evidence preparation for audits (cloud governance, logging, monitoring, access controls).
  • Align Sentinel detections with MITRE ATT&CK mapping and maintain documentation for auditability and knowledge transfer.
  • Collaborate with infrastructure teams to ensure EDR coverage across Azure VMs and support incident investigations with endpoint telemetry.
  • Integrate critical data sources (for example, API marketplace Front Door and Azure WAF logs) into Sentinel and transition monitoring ownership to SOC with SOPs.
  • Enable Microsoft Defender Vulnerability Assessment for Azure SQL servers and expand coverage across all subscriptions.
  • Drive measurable reduction in Azure SQL vulnerabilities.

Qualifications

  • Bachelor’s degree in Computer Science, Information Security, or a related discipline (or equivalent experience).
  • 3–5 years of experience in Security Operations, Cloud Security, SIEM engineering, or related roles.
  • Azure fundamentals knowledge with working familiarity in subscriptions, resource groups, IAM/RBAC, networking basics, and Azure logging/monitoring concepts.
  • Certifications: AZ‑900 (required). AZ‑500 (preferred).
  • Working knowledge of Microsoft Sentinel: analytics rules, incidents, workbooks, automation (basic), and KQL query development.
  • Log source onboarding knowledge: Azure diagnostics/resource logs, Syslog/CEF basics, Windows Security event collection concepts, and validation of ingestion/coverage.
  • Security investigation skills: triage, log analysis, suspicious activity identification, evidence documentation, and escalation.
  • Basic knowledge of authentication and access controls (MFA, Conditional Access concepts, least privilege, privileged access hygiene).
  • Compliance awareness (basic): PCI DSS expectations around logging/monitoring and access control; ability to support audit evidence collection.
  • Basic awareness of FedRAMP: baseline controls and a continuous-monitoring mindset (conceptual knowledge is sufficient at IC2).
  • Basic container security awareness: cluster hardening concepts, image vulnerability basics, and Kubernetes security hygiene.

Preferred / Nice-to-have Skills

  • Hands-on experience integrating on‑prem logs to Sentinel using Azure Arc + Azure Monitor Agent (AMA) and Data Collection Rules (DCR).
  • Experience mapping detections to MITRE ATT&CK techniques and maintaining a detection engineering backlog.
  • Microsoft Defender for Cloud experience across CSPM and workload protection plans (Servers, SQL, Storage, Containers).
  • Exposure to regulatory/compliance dashboards and control evidence collection (PCI, NIST-aligned controls, FedRAMP concepts).
  • Scripting/automation basics (PowerShell/Python) and Infrastructure-as-Code familiarity (ARM/Bicep/Terraform) for repeatable security configurations.
  • Experience working with ITSM workflows (ServiceNow) for remediation tracking and operational reporting.

Tools & Technologies

  • Microsoft Sentinel (Analytics Rules, Incidents, Workbooks, Content Hub, Data Connectors)
  • Kusto Query Language (KQL)
  • Microsoft Defender for Cloud (Secure Score, Recommendations, Regulatory Compliance, Alerts)
  • Azure Monitor / Log Analytics / Azure Monitor Agent (AMA) + Data Collection Rules (DCR)
  • Microsoft Entra ID (Azure AD) – MFA/Conditional Access concepts
  • Azure platform logging: Activity Logs, Diagnostic Settings, Resource Logs
  • Security log formats: Syslog, CEF; Windows Security Events (concepts)
  • Containers (basic): AKS, ACR and related security controls

 
