- Configure, manage, and optimize Microsoft Sentinel for efficient threat detection and response.
- Ensure SIEM infrastructure is running optimally, including performance monitoring and issue resolution.
- Regularly update and optimize SIEM policies, rules and configurations based on evolving threats.
- Onboard, configure, and manage data connectors from various log sources, including cloud, on-premises, and hybrid environments.
- Ensure log ingestion health and troubleshoot data collection issues.
- Develop, implement, and fine-tune analytics rules, detection logic, and playbooks in Sentinel.
- Assist SOC and incident response teams with log analysis, threat correlation, and incident investigation.
- Reduce false positives by refining detection rules and optimizing event filtering.
- Implement and enhance automation using Kusto Query Language (KQL), Logic Apps, and Microsoft Defender XDR integrations.
- Maintain SIEM compliance with security policies, industry regulations (e.g., GDPR, NIST, ISO 27001), and best practices.
- Generate reports and dashboards to provide visibility into security posture and SIEM performance.
- Work with SOC, IT, and Cloud Security teams to enhance Sentinel capabilities.
- Document SIEM configurations, detection use cases, and operational procedures.
- Perform Incident & Problem Management, Change & Release Management, Vendor Management, and Capacity Management functions for the platform.
- Maintain up-to-date knowledge of technology standards, industry trends, emerging technologies, and cyber security best practices.
- Ensure technical issues are quickly resolved and help implement strategies and solutions to reduce the likelihood of recurrence.
- Passionate about using data to drive information-based security analytics.
- Value add: experience in Cloud Management, Splunk and Chronicle.
Your skills and experience
- The candidate must have an engineering background in Computer Science, Information Technology, Cybersecurity or a related field, and a minimum of 8+ years of experience, with recent experience in security engineering, system administration, network engineering, or software engineering/development with a focus on cybersecurity.
- 8+ years of IT engineering experience, including recent experience building and managing infrastructure and security platforms.
- 3+ years of experience implementing, architecting and administering SIEM platforms such as Sentinel, Chronicle and Splunk for a large global organization.
- Knowledge of Azure services and data ingestion from those services into SIEM.
- Familiarity with MITRE ATT&CK, cyber threat intelligence and SOC workflows.
- Understanding of SOAR principles.
- Hands-on experience with the Microsoft Azure platform, managing the various configurations needed to enable and manage Sentinel.
- Experience developing XML, Bash, Python, and PowerShell scripts.
- DevOps engineering experience (Terraform, SDLC, Actions).
- Independent, self-motivated, proactive approach to problem solving and prevention.
- Excellent written and verbal communication skills.
- Passionate about cyber security and the aptitude to identify and solve security problems.