
Flentas

SecOps L2 Analyst

4-6 Years

Job Description

Company Profile

Flentas helps enterprises leverage the full potential of the Cloud through consulting and implementation services. As an organization, Flentas brings strong technology expertise and hands-on experience to drive large-scale digital transformation initiatives and scale cloud operations. We serve clients globally, supported by a passionate team of experienced Solution Architects and Technology Enthusiasts.

Job Title: SecOps Engineer (L2)

Location: Pune, India (Hybrid)

Experience: 4+ Years

Role Overview

As a SecOps L2 Engineer, you will be the technical escalation point for security incidents across our Microsoft cloud estate. You will be responsible for proactive threat hunting, fine-tuning detection rules, and automating responses to safeguard our Azure infrastructure and M365 environment. This role requires a deep understanding of the Microsoft Unified Security Stack.

Key Responsibilities

  • Incident Response & Escalation: Act as the Tier 2 lead for investigating complex security alerts escalated by L1. Perform deep-dive forensics on compromised identities, endpoints, and cloud resources.
  • Sentinel Management: Manage and optimize Microsoft Sentinel (SIEM/SOAR). Write and refine Kusto Query Language (KQL) for custom detection rules, workbooks, and hunting queries.
  • M365 Security Operations: Monitor and remediate threats within Microsoft 365 Defender, including:
    • Defender for Endpoint: EDR/XDR response and vulnerability management.
    • Defender for Office 365: Investigating sophisticated phishing and BEC attacks.
    • Defender for Identity: Monitoring lateral movement and AD/Entra ID threats.
  • Azure Infrastructure Security: Utilize Microsoft Defender for Cloud to maintain cloud security posture (CSPM) and protect workloads (CWPP) across subscriptions.
  • Automation & Orchestration: Build and maintain Sentinel Playbooks (Logic Apps) to automate repetitive remediation tasks and reduce Mean Time to Respond (MTTR).
  • Identity Security: Monitor Microsoft Entra ID (formerly Azure AD) for risky sign-ins, manage Conditional Access policy triggers, and oversee Privileged Identity Management (PIM) alerts.

Technical Requirements

  • SIEM/SOAR: Expert-level experience with Microsoft Sentinel and KQL.
  • Cloud Platform: Strong hands-on experience with Microsoft Defender for Cloud (formerly Azure Security Center).
  • M365 Suite: Deep knowledge of the Microsoft 365 Defender portal and Purview (for data loss prevention).
  • Identity: Proficiency in Microsoft Entra ID, including Identity Protection and Governance.
  • Scripting: Ability to automate tasks using PowerShell or Python.
  • Network Security: Understanding of Azure Firewall, NSGs, and WAF logs.

Preferred Certifications

  • AZ-500: Microsoft Azure Security Technologies.
  • SC-200: Microsoft Security Operations Analyst.
  • SC-300: Microsoft Identity and Access Administrator.

Preferred Soft Skills

  • Strong analytical mindset with a focus on connecting the dots between disparate alerts.
  • Excellent communication skills for documenting incidents and collaborating with DevOps/Infrastructure teams.

Ability to work in a 24/7 rotational environment if required.

Job ID: 145661761