Inspira Enterprise India is seeking a highly experienced and proactive Senior Cloud Security Engineer specializing in Microsoft Sentinel and Threat Hunting. The ideal candidate will possess deep expertise in deploying and configuring Microsoft Sentinel, integrating diverse data sources, and developing advanced KQL queries for robust threat detection. This role is critical for performing proactive threat hunting, building automated incident response workflows, and ensuring the highest level of security posture across hybrid and multi-cloud environments.
Key Responsibilities
- Microsoft Sentinel Deployment & Configuration: Lead the deployment and configuration of Microsoft Sentinel and its dependent resources, ensuring optimal setup for security monitoring.
- Data Integration: Integrate diverse data sources into the SIEM (Security Information and Event Management) for holistic threat visibility across the enterprise.
- Query & Alert Development: Develop advanced KQL (Kusto Query Language) queries and build sophisticated analytical rules and alerts within Sentinel for effective threat detection.
- Use Case Implementation: Design and implement security use cases meticulously aligned to industry-recognized frameworks such as NIST (National Institute of Standards and Technology) and MITRE ATT&CK.
- SOAR Workflow Automation: Build SOAR (Security Orchestration, Automation, and Response) workflows using Azure Logic Apps for automated incident response and efficient security operations.
- Threat Hunting & Simulation: Proactively perform threat hunting exercises and simulate non-invasive attacks based on observed Tactics, Techniques, and Procedures (TTPs) and known threat actor behavior.
- Incident Response: Conduct in-depth forensic analysis, root cause analysis (RCA), and efficient incident triage for security incidents.
- Threat Intelligence Utilization: Leverage threat intelligence feeds for proactive defense and to refine detection strategies.
- Reporting & Metrics: Create and maintain comprehensive KPI dashboards and reporting metrics for various stakeholders, providing clear insights into the security posture.
- Proof of Concepts (PoCs): Build PoCs for domain-specific security implementations, demonstrating feasibility and value.
- EDR & CASB Management: Utilize and maintain EDR (Endpoint Detection and Response) and CASB (Cloud Access Security Broker) tools, with a preference for Microsoft Defender ATP.
- Hybrid/Multi-Cloud Security: Maintain and enhance security posture in complex hybrid and multi-cloud environments (Azure, AWS, GCP).
- Custom Security Objects: Create custom security policies, dashboards, and workbooks in Sentinel to tailor monitoring and reporting.
- Compliance Support: Participate in compliance control strategies (e.g., PCI, PII) using Azure Automation to ensure regulatory adherence.
- CSPM Support: Support Cloud Security Posture Management (CSPM) tool testing and policy scoring to identify and remediate cloud misconfigurations.
- Report Generation: Support report generation (daily, weekly, quarterly, annually) for various stakeholders, providing clear and actionable insights.
Technical Skills & Experience
- Core Security Fundamentals: Deep understanding of Active Directory, DNS Security, Network Protocols, Web Technologies, TLS, and Firewalls.
- EDR Solutions: Proficient in EDR solutions, with a strong preference for Microsoft Defender ATP.
- Azure Cloud Security: Extensive hands-on experience with Azure cloud security technologies, including but not limited to Defender for Cloud, Defender for Identity, Defender for Office 365, Azure Security Center, Azure Firewall, and Azure Network Security Groups.
- Multi-Cloud Exposure: Exposure to GCP (e.g., Security Command Center, Confidential Computing) and AWS (e.g., Security Hub, GuardDuty, Macie) is a significant plus.
- Scripting: Proficient in PowerShell, Bash, and Python scripting (preferred, but not mandatory for all aspects of the role).
- IT Forensics: Knowledge of IT Forensics tools, techniques, and methodologies for incident investigation.
- Policy & Automation: Experience in policy creation, dashboarding, and process automation within security tools.
Good to Have
- Exposure to Cloud App Security, Azure Key Vault, Confidential Computing, AWS Shield, and other advanced cloud security services.
- Industry certifications like AZ-500 (Microsoft Azure Security Technologies), SC-200 (Microsoft Security Operations Analyst), AWS Certified Security - Specialty, etc.
- Experience with setting up SOC processes or impleme