Should have a minimum of 10-12 years of experience with the following technologies and tools: MS Defender, MS Sentinel, MS Intune, MS Purview, SentinelOne, Cisco IDS/IPS, Check Point IDS/IPS, F5 DCS WAF.
Experience implementing, maintaining, and optimizing MS Purview DLP solutions is good to have.
Should have knowledge of Kusto Query Language (KQL); playbook and workbook creation and updating; and Logic App configuration in MS Sentinel.
Understanding of Linux, Windows, AD, network, and security event logging.
In-depth understanding of security threats, attacker techniques, and the current threat landscape in order to develop detection use cases.
Ensure effective operation of SIEM content (filters, rules, expressions, and other detection mechanisms) across the threat and vulnerability management technologies.
Provide professional data analysis to drive further security measures and risk mitigation activities.
Strong verbal and written interpersonal communication skills.
Willingness to work US shift hours as required to support the team or join priority calls.
Completion of one or more of the following certifications is an added advantage: SC-200, SC-100, CCNA Security, AZ-500.
Primary skillset:
Cyber Security Architect - ITM Engineering
Hands-on operational and implementation expertise in:
EDR platform management and optimization: MS Defender and SentinelOne.
SIEM solution management and implementation: MS Sentinel.
Detection Engineering
Log source management
KQL logic and Defender Advanced Hunting query building
Logic App implementation
SOAR playbook and use cases creation
Automated investigation and response (AIR) implementation
M365 Copilot Agent creation and implementation
Dashboard creation and optimization
Azure WAF, AWS WAF, and F5 DCS WAF (Distributed Cloud) – configuration, maintenance, and optimization.
Check Point and Cisco Firepower IDS/IPS rule and signature fine-tuning.
Perform risk assessments and provide recommendations to improve security posture.