Security Sentinel L3 Analyst / Engineer

Job Title: Security Sentinel L3 Analyst / Engineer

Job Summary:

We are seeking an experienced Security Sentinel L3 Analyst/Engineer to join our advanced cybersecurity team. As an L3 Security Sentinel specialist, you will take ownership of complex security incidents, provide expert guidance on threat detection and response, and optimize the performance of our Microsoft Sentinel (Azure Sentinel) SIEM platform. You will also play a key role in mentoring junior team members and ensuring the overall health and effectiveness of our security operations.

Key Responsibilities:

• Advanced Incident Detection & Response:

Lead efforts in detecting, analyzing, and responding to complex security incidents using Microsoft Sentinel (Azure Sentinel).

• Take ownership of escalated alerts and high-priority security incidents, performing in-depth investigations and implementing remediation strategies.
• Analyze security data from multiple sources (e.g., logs, network traffic, endpoints) to identify patterns, anomalies, and potential threats.
• Threat Hunting & Analysis:
• Proactively conduct advanced threat hunting across the environment using Sentinel's advanced analytics and threat intelligence feeds.
• Develop custom detection rules, queries, and alerts in Microsoft Sentinel to improve threat detection capabilities.
• Identify new and emerging attack tactics, techniques, and procedures (TTPs) and develop detection strategies to address them.
• SIEM Optimization & Tuning:
• Continuously improve and optimize Microsoft Sentinel configurations, ensuring efficient data ingestion, rule tuning, and alert management.
• Troubleshoot and resolve any performance or operational issues within the Sentinel platform to ensure its optimal functioning.
• Conduct periodic reviews and refinements of the Sentinel deployment to ensure it is aligned with changing threat landscapes and organizational requirements.
• Incident Management & Escalation:
• Lead critical incident response activities, collaborating with cross-functional teams to contain, mitigate, and recover from security breaches.
• Provide guidance to L1 and L2 analysts on how to properly escalate incidents and manage alert triage and investigation.
• Ensure timely and accurate incident reporting, documentation, and post-incident analysis to identify improvements.
• Mentorship & Knowledge Transfer:
• Provide mentorship and training to junior security analysts (L1 and L2), helping them to grow their skills in threat detection, incident response, and security monitoring.
• Lead internal knowledge-sharing sessions, creating documentation and best practices for Sentinel and other security tools.
• Automation & Scripting:
• Develop and implement automation playbooks within Microsoft Sentinel for incident response, alerting, and remediation processes.
• Use scripting languages (e.g., PowerShell, Python) to automate tasks, improve security operations, and reduce manual workload.
• Collaboration & Reporting:
• Work closely with other security teams (e.g., incident response, vulnerability management, forensics) to ensure comprehensive security posture and fast incident resolution.
• Prepare detailed reports and provide actionable recommendations to senior leadership on security incidents, vulnerabilities, and improvements.
• Continuous Improvement:
• Stay up to date with the latest cybersecurity trends, threats, and attack techniques to continuously refine detection and response strategies.
• Contribute to improving overall security operations by suggesting improvements to processes, workflows, and tools.

Skills & Qualifications:

• Experience:
• Minimum of 5+ years of experience in cybersecurity, with at least 3 years in a security operations role, focusing on SIEM tools such as Microsoft Sentinel.
• Proven experience leading to complex security incidents and providing expert-level analysis and remediation.
• Technical Expertise:
• Deep understanding of Microsoft Sentinel and other SIEM tools (e.g., Splunk, QRadar).
• Strong knowledge of threat detection methodologies, attack vectors, and incident management.
• Hands-on experience with cloud security (Azure, AWS), network security, and endpoint protection.
• Advanced understanding of security automation and orchestration, including scripting (PowerShell, Python, etc.).
• Certifications:
• Microsoft Certified: Azure Security Engineer or Microsoft Certified: Azure Sentinel.
• Other relevant cybersecurity certifications such as CISSP, CEH, or GIAC Security Essentials (GSEC).
• Soft Skills:
• Excellent analytical, problem-solving, and critical thinking skills.
• Strong communication skills, both written and verbal, with the ability to communicate technical information to non-technical stakeholders.
• Ability to mentor and lead a team of security analysts, promoting a culture of continuous learning.
• Preferred Experience:
• Experience in advanced persistent threat (APT) detection and response.
• Knowledge of compliance frameworks (e.g., PCI-DSS, HIPAA, GDPR) and experience managing security compliance in a cloud environment.
• Familiarity with scripting languages and security orchestration platforms (e.g., SOAR tools).