Position:
Full-Time Location:
Remote Start Date:
ASAP
Nationality:
Any
Windows Management Experts (WME) is looking for a Microsoft Sentinel Engineer Role for one of our valued clients. The selected candidate will Implement and configure Microsoft Sentinel, a cloud-native Security Information and Event Management (SIEM) solution, to collect, aggregate, and analyze security events from various sources.
As a Microsoft Sentinel Engineer, you will conduct a thorough analysis of security events and incidents using Microsoft Sentinel’s built-in query language (KQL) to investigate and identify root causes of security breaches. You’ll also manage security data sources and connectors in Microsoft Sentinel, including configuring data collection and normalization settings for various log sources such as Azure Active Directory, Azure Sentinel, Azure Firewall, and more.
Moreover, you should have deep expertise in creating and customizing advanced hunting queries in Sentinel to identify and investigate security threats and incidents. Also, they should have familiarity with regulatory compliance requirements, such as GDPR, HIPAA, and PCI DSS, and the ability to configure Sentinel to meet compliance obligations.
With a strong understanding of threat intelligence and integration of threat feeds into Microsoft Sentinel for proactive threat hunting and incident detection, the candidate should have demonstrated proficiency in using Azure Log Analytics to analyze and visualize security data, create custom dashboards, and generate reports for security monitoring and reporting.
All in all, WME is looking for some exceptional communication and interpersonal skills in our new team member. The candidate’s toolbox must be diverse & complete. From being technically savvy to displaying a vigorous passion for learning beyond their traditional areas of expertise, the resource must prove to be an asset to the company.
Required Skills/Qualifications/Education:
- Bachelor’s degree in Computer Science or equivalent experience.
- Deep understanding of Microsoft Sentinel architecture, including components such as data connectors, workspaces, playbooks, and hunting queries.
- Proficient in designing, configuring, and implementing Microsoft Sentinel solutions to collect, analyze, and respond to security events and incidents.
- Experience with Microsoft Azure Cloud platform, including Azure Sentinel deployment and configuration, data source integration, and automation using Azure Logic Apps.
- Strong knowledge of security technologies and concepts, such as Security Information and Event Management (SIEM), Security Operations Center (SOC), threat hunting, incident response, and security analytics.
- Expertise in configuring and managing data connectors for various security data sources, such as Azure Security Center, Microsoft 365 Defender, Azure Active Directory, Azure Firewall, and third-party security solutions.
- Ability to create and manage security incidents, alerts, and rules in Microsoft Sentinel to detect, triage, and respond to security events.
- Experience with creating and customizing playbooks in Microsoft Sentinel to automate security response actions, such as sending notifications, blocking IPs, and running remediation scripts.
- Experience with Azure Sentinel incident management and tracking, including incident escalation, assignment, and resolution.
- Proficient in using Azure Monitor and Azure Security Center in conjunction with Microsoft Sentinel for comprehensive security monitoring and threat detection across cloud and on-premises environments.
- Ability to create and manage security baselines, customized analytics, and alert suppression rules in Sentinel to optimize security monitoring and reduce false positives.
- Ability to remain cooperative and professional in stressful situations.
- Working experience in a 24×7 environment.
- Well-organized personality with great attention to minimalistic details.
Responsibilities of the Desired Microsoft Sentinel Engineer Role:
- Design, develop, and maintain custom alert rules and detection logic in Microsoft Sentinel to detect and respond to security threats in real time.
- Develop and implement security playbooks in Microsoft Sentinel to automate security incident response processes, including creating incidents, triggering notifications, and executing remediation actions.
- Collaborate with other security teams, such as Security Operations Center (SOC) analysts and incident response teams, to provide technical expertise in identifying and resolving security incidents using Microsoft Sentinel.
- Participate in threat-hunting activities using Sentinel to proactively search for indicators of compromise (IOCs) and potential security threats within the organization’s environment.
- Develops strong working relationships with support teams, management, and cross-functional working groups.
- Provides operational support such as training and documentation.
- Forward-thinking to identify upcoming trends and security best practices.
- Identifies gaps in controls, processes, and systems and recommends solutions.
- Manage and maintain Microsoft Sentinel’s security analytics rules, including regularly reviewing and fine-tuning detection logic to optimize detection accuracy and reduce false positives/negatives.
- Conduct regular security assessments and audits of Microsoft Sentinel’s configuration and performance.
- Provide technical guidance and support to other members of the security team, including training on advanced features and functionalities.
- Stay up to date with the latest threat intelligence, security trends, and Microsoft Sentinel updates.
- Troubleshoot technical issues including investigating and resolving data ingestion failures, query performance issues, and other operational challenges.
- Design and implement custom dashboards, visualizations, and reports in Microsoft Sentinel to provide meaningful insights into security events and incidents for various stakeholders, including executives, auditors, and regulators.
- Participate in incident response and forensics investigations using Microsoft Sentinel, including conducting deep-dive analysis of security incidents, documenting findings, and providing recommendations for improving security controls.
Core Values:
- Integrity (Doing What’s Right)
- Inclusion (Encouraging Diversity)
- Teamwork (Working Together)
- Excellence (Being Your Best)
- Accountability (Taking Personal Responsibility)
Disclaimer
All the qualified applicants will receive due consideration for employment without any regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.