Vacant job

At Avaron, you get the security of a permanent employment combined with the variety of working on-site at different clients. We recruit specialists in everything from technology, IT, and industry to project management and business support – and regardless of the assignment, you have a consultant manager who is there for you and your development.

You step into a role where you combine information protection in Microsoft 365 with operational SecOps work and strategic security advisory. In a complex environment, you will work with everything from DLP, Sensitivity Labels, and Insider Risk Management to incident handling, SIEM analysis, and improving detection and response.

You will become a key support for both IT and the business in the work of preventing, detecting, managing, and following up on risks and security incidents. The role spans both operational efforts and long-term improvement work within policies, governance, and security management. This is an exciting opportunity for you who want to influence both the daily security work and the long-term security capability in a technologically advanced Microsoft 365 environment.

• You handle and investigate security incidents and work with triage, analysis, and follow-up of security alerts.
• You work operationally in SIEM with search, correlation, troubleshooting, and incident investigation, as well as developing queries, rules, and detection logic.
• You drive threat hunting and root cause analysis to strengthen capabilities in detection and response.
• You maintain and optimize security policies within Microsoft 365, such as DLP, Insider Risk Management, and Sensitivity Labels.
• You collaborate with external SOC/MDR providers and follow up on incidents, SLAs, and delivery quality.
• You identify improvements based on incidents and analyses, including reducing false positives and further developing detection use cases.
• You review changes and new solutions from a security perspective and translate technical alerts into business risks and recommended actions.
• You contribute to policies, guidelines, documentation, and governance, as well as providing advice to both IT and the business.
• You manage and follow up on third-party services within the security area based on needs, risks, and compliance requirements.

• You have senior experience in information security with a focus on Microsoft 365 Security, information protection, and Security Operations.
• You have experience with information classification and labeling, including Sensitivity Labels and auto-labeling.
• You have experience designing and implementing Data Loss Prevention (DLP).
• You have experience with Insider Risk Management and data protection within Microsoft 365, including Exchange Online, SharePoint, and Teams.
• You have a good understanding of governance within information security and experience in developing policies, guidelines, and working methods.
• You have experience with incident handling at T2/T3 level, as well as analysis and triage of security alerts.
• You have very good experience with modern SIEM solutions and writing and analyzing queries for search, correlation, troubleshooting, and incident investigation.
• You have experience with Defender/XDR, threat hunting, root cause analysis, and frameworks such as MITRE ATT&CK.
• You have experience collaborating with external SOC/MDR providers and following up on incidents, SLAs, and delivery quality.
• You have experience managing and integrating third-party services within the security area, including security monitoring, vulnerability management, vendor management, and compliance support.
• You have experience with risk-based security assessments, reviewing new solutions, and principles such as Zero Trust and Least Privilege.
• You communicate fluently in Swedish and English.

• Knowledge of data protection in AI-based solutions.
• Broad operational experience with security technology from leading providers.

• Permanent employment at Avaron AB
• Pension benefits
• Wellness allowance of 5,000 SEK per year

We are hiring continuously – please apply as soon as possible.