- Manage the day-to-day operations of Microsoft Sentinel, including rule creation, log ingestion, data analytics, and alert triaging
- Develop and tune detection rules, use cases, and analytics within Sentinel to improve threat visibility and detection capabilities
- Leverage Wiz Defend to detect and respond to runtime threats across cloud workloads and Kubernetes environments in real-time
- Continuously monitor and investigate alerts generated by Wiz Defend to enhance threat detection, triage, and incident response capabilities
- Perform proactive threat hunting to identify and mitigate advanced threats
- Conduct in-depth incident investigations and coordinate response efforts to ensure swift remediation
- Collaborate with internal stakeholders and the Threat Intelligence team to identify and mitigate potential security threats
- Generate reports and dashboards to communicate SOC performance metrics and security posture to leadership
- Continuously improve SOC processes and playbooks to streamline operations and response efforts
- Mentor junior SOC analysts and provide guidance on security best practices
- This role requires participation in a rotational shift
- Flexibility and availability to respond to urgent incidents outside of assigned shifts, as needed
What you'll bring:
- Strong analytical and problem-solving abilities
- Excellent communication and interpersonal skills to effectively collaborate with cross-functional teams
- Proven ability to remain calm and efficient under a high-pressure environment
- Proficient in using SIEM tools, such as Microsoft Sentinel
- Experience with data migration strategies across SIEM platforms
- Experience on Cloud Security Operations and Incident Response platforms such as Wiz
- In-depth understanding of cyber threats, vulnerabilities, and attack vectors
- Proficient in creating KQL queries and custom alerts within Microsoft Sentinel
- Expertise in developing SIEM use cases and detection rules
- Skilled in incident response and management procedures
- Experienced in conducting deep-dive investigations and root cause analysis for incidents
- Adept at collaborating with stakeholders to resolve complex cybersecurity challenges
- Ability to automate routine SOC processes to enhance operational efficiency
- Experienced in mentoring and guiding junior analysts in security operations
- Knowledge of major cloud platforms (AWS, Azure, GCP), including their security models, IAM roles, virtual private cloud (VPC) configurations, and cloud-native security tools
Good to have skills and abilities:
- Excellent interpersonal (self-motivational, organizational, personal project management) skills
- Knowledge of vulnerability management and scanning best practices, such as the CVE database and the Common Vulnerability Scoring System (CVSS)
- Ability to analyze cyber threats to develop actionable intelligence
- Skill in using data visualization tools to convey complex security information
Academic Qualifications:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience)
- 4+ years of experience in a Security Operations Center (SOC) environment, with a focus on SIEM management
- Strong hands-on experience with Microsoft Sentinel, including data connectors, KQL queries, analytics rules, and workbooks
- Experience with SIEM migration
- Expertise in incident response, threat detection, and security monitoring
- Solid understanding of Windows, Linux, and cloud security concepts
- Relevant certifications (e.g., CompTIA Security+, Microsoft Certified: Security Operations Analyst, GCIA, GCIH, OSDA, GCFA) are preferred
- Preferred Security Cloud Certifications: AWS Security Specialty