Job Role: SIEM - Microsoft Sentinel Consultant
Work Location: Remote / India
Job Type: Full Time
Key Responsibilities:
- Lead end-to-end deployment and migration of SIEM solutions to Microsoft Sentinel
- Design, implement, and optimize SIEM and SOAR architectures within Microsoft Sentinel
- Develop complex custom detection rules using advanced KQL (Kusto Query Language)
- Build and maintain custom SOAR automation workflows using Logic Apps
- Develop Codeless Connector Framework (CCF) solutions for integrating custom data sources and applications
- Integrate SAP systems with Microsoft Sentinel and design custom detection use cases
- Leverage Microsoft Security Copilot / GitHub Copilot for AI-assisted content creation during migration and optimization
- Implement data ingestion pipelines using tools such as Logstash, NXLog, or similar technologies
- Integrate logs into Microsoft Sentinel Data Lake for centralized analysis
- Develop integrations for custom applications (e.g., Oracle Fusion) using APIs and Logic Apps
- Create and manage Azure Function Apps for advanced data integration scenarios
- Design and implement ASIM (Advanced Security Information Model) parsers
- Continuously improve detection coverage, automation, and response capabilities
Required Skills & Qualifications:
- Strong hands-on experience with Microsoft Sentinel SIEM and SOAR
- Proven experience in SIEM deployment and migration to Microsoft Sentinel
- Advanced proficiency in KQL (Kusto Query Language) for detection engineering
- Experience in building custom connectors and ingestion pipelines
- Expertise in Logic Apps, Azure Functions, and API integrations
- Hands-on experience with Logstash, NXLog, or equivalent data ingestion tools
- Experience integrating enterprise applications (SAP, Oracle Fusion, etc.) with SIEM platforms
- Strong understanding of ASIM architecture and parser development
- Familiarity with Microsoft Security Copilot and Generative AI capabilities
- Experience working with Microsoft Sentinel Data Lake and data architecture
Preferred Qualifications:
- Experience with cloud security (Azure Security stack)
- Knowledge of threat detection, incident response, and security operations
- Relevant certifications such as:
  - Microsoft Certified: Security Operations Analyst (SC-200)
  - Microsoft Certified: Azure Security Engineer (AZ-500)