Job Summary:
We are seeking a highly skilled Microsoft Sentinel Security SME to manage and improve the organization's security infrastructure using Microsoft Sentinel. The ideal candidate will have deep security engineering knowledge and will implement and manage Microsoft Sentinel and its key features.
Key Responsibilities:
Microsoft Sentinel Administration:
- Configure, deploy, and manage Microsoft Sentinel in a production environment.
- Onboard new data sources and ensure data ingestion meets compliance standards.
- Manage and optimize Sentinel analytics rules, playbooks, and workbooks.
- Fine-tuning of false positive alerts/incidents.
- Automation to reduce manual efforts.
Automation and Playbooks:
- Develop and manage Logic Apps to automate responses to security incidents.
- Continuously improve automation workflows for threat detection and mitigation.
Threat Hunting and Analysis:
- Proactively hunt for advanced threats using KQL (Kusto Query Language).
- Develop advanced detection rules and alerts for suspicious activity.
- Analyze and triage security events from various data sources.
Collaboration and Reporting:
- Collaborate with IT, DevOps, and SOC teams to strengthen security postures.
- Generate detailed reports and dashboards for stakeholders.
- Provide recommendations for security enhancements and risk mitigation.
Compliance and Best Practices:
- Ensure compliance with organizational and industry standards (ISO 27001, GDPR, etc.).
- Stay updated on emerging threats, vulnerabilities, and technologies.
Required Skills and Qualifications:
Education:
- Bachelor's degree in Cybersecurity, IT, or a related field (or equivalent experience).
Experience:
- 7+ years in cybersecurity, with at least 3 years specializing in Microsoft Sentinel.
- Strong experience with SOC operations and incident handling.
Technical Skills:
- Proficiency in KQL (Kusto Query Language) for Sentinel.
- Strong understanding of SIEM tools and processes.
- Hands-on experience with Azure services, including Azure Monitor, Logic Apps, and Defender services.
- Familiarity with threat intelligence platforms and their integration with Sentinel.
- Custom log integration and log parsing.
- Detection content development (analytics rules, workbooks, playbooks).
Certifications:
- Microsoft Security, Compliance, and Identity Fundamentals (SC-900).
- Microsoft Security Operations Analyst (SC-200) Preferred.
- Azure Security Engineer Associate Preferred.
Soft Skills:
- Strong analytical and problem-solving skills.
- Excellent verbal and written communication.
- Ability to work collaboratively with cross-functional teams.