Role Summary
We are hiring a Senior Microsoft Sentinel Implementation Specialist with strong hands-on experience in SIEM deployment, log onboarding, detection engineering, and SOC optimization.
This role is implementation-heavy, requiring someone who can build, tune, and mature a Sentinel environment, not just monitor alerts. The ideal candidate should have experience working in enterprise SOC environments and be comfortable handling multi-source log integration, correlation, and automation.
Key Responsibilities
1. Sentinel Implementation & Log Onboarding
- Implement and configure Microsoft Sentinel for enterprise environments
- Onboard logs from:
  - Firewalls, WAF, IDS/IPS, proxy
  - Endpoints (Defender / EDR tools)
  - Azure / AWS / GCP workloads
  - Microsoft Entra ID (formerly Azure AD), Active Directory
  - SaaS applications (M365, custom apps)
- Configure data connectors, parsers, and normalization
2. Detection Engineering & Correlation
- Develop and tune analytics rules using KQL
- Build correlation use cases across multiple log sources
- Map detections to MITRE ATT&CK techniques
- Create custom detection scenarios based on real-world threats
3. Monitoring, Tuning & Noise Reduction
- Fine-tune rules to reduce false positives and alert fatigue
- Improve detection quality and signal-to-noise ratio
- Establish baselines and behavioural patterns
- Continuously optimize alerting logic
4. Incident Response & SOC Operations
- Investigate and respond to security incidents
- Perform root cause analysis and attack chain mapping
- Support L2/L3 escalation handling
- Define and improve incident response workflows
5. SOAR & Playbook Automation
- Build and maintain Sentinel playbooks (Logic Apps)
- Automate alert enrichment, notifications, and response actions
- Integrate threat intelligence feeds (VirusTotal, etc.)
- Reduce manual SOC effort through automation
6. Reporting & Dashboards
- Create Sentinel dashboards and workbooks
- Track metrics such as:
  - Alert volumes
  - MTTR
  - Detection coverage
- Provide insights for SOC improvement
Must-Have Skills
- Strong hands-on experience with Microsoft Sentinel (mandatory)
- Good knowledge of KQL (Kusto Query Language)
- Experience in log onboarding from multiple device types
- Hands-on experience in SIEM rule tuning and false positive reduction
- Exposure to incident response and SOC workflows
- Experience with SOAR / Playbook automation (Logic Apps preferred)
Good to Have
- Experience with the Microsoft Defender suite (Defender XDR, Defender for Endpoint, Defender for Office 365, Defender for Cloud)
- Knowledge of Entra ID (Azure AD) and identity security
- Exposure to AWS / multi-cloud environments
- Basic scripting (PowerShell / Python)
- Understanding of MITRE ATT&CK framework
Certifications (Preferred)
- SC-200 (Microsoft Security Operations Analyst)
- AZ-500 (Azure Security Engineer)
Ideal Candidate Profile
- Comes from a SOC / SIEM engineering background (not just monitoring)
- Has worked on implementation or major tuning projects
- Strong problem-solving and log-analysis skills
- Able to work with minimal supervision in a fast-paced environment