TC-CS-Cyber Detection and Response-Sentinel-Manager

We are looking for an experienced Cyber Detection and Response Manager with expertise in Sentinel to join our Cybersecurity team. The ideal candidate will be responsible for leading and managing the detection and response operations, particularly focusing on the Sentinel platform. You will oversee cybersecurity operations, ensuring effective monitoring, investigation, and response to potential threats while collaborating with other security teams to enhance overall security posture.

• Cyber Detection Response Leadership:
• Lead the Cyber Detection and Response team, driving efforts to detect, analyze, and respond to cybersecurity incidents using Microsoft Sentinel and other SIEM tools.
• Incident Management:
• Oversee the investigation and resolution of cybersecurity incidents, including gathering evidence, analyzing threats, and developing remediation strategies.
• Sentinel Platform Expertise:
• Manage the Sentinel platform, ensuring the platform is effectively integrated with existing security infrastructure, providing visibility into security events across the environment.
• Threat Detection Analytics:
• Enhance detection capabilities using Sentinels KQL queries, custom alerts, and machine learning to identify anomalies and potential threats.
• Response Playbooks Automation:
• Develop, manage, and continuously improve incident response playbooks, ensuring automated response procedures are in place to mitigate threats quickly.
• Collaboration Communication:
• Collaborate with other security teams, IT, and operations teams to share intelligence, improve detection methods, and ensure timely responses to emerging threats.
• Metrics Reporting:
• Establish and monitor key performance indicators (KPIs) for the detection and response team to track effectiveness, providing regular updates and reports to senior management.
• Threat Intelligence:
• Leverage threat intelligence feeds and sources to stay updated on emerging threats and integrate this intelligence into the detection and response capabilities.
• Training Development:
• Mentor and train team members, fostering a continuous learning environment while ensuring that the team is well-equipped to handle new cybersecurity challenges.
• Compliance Documentation:
• Ensure detection and response processes comply with industry regulations, company policies, and best practices. Maintain accurate documentation related to incident investigations and resolutions.

• Experience:
• 5+ years of experience in cybersecurity, with a focus on incident detection and response, using SIEM tools (particularly Microsoft Sentinel).
• Technical Expertise:
• Strong understanding of Microsoft Sentinel, including KQL (Kusto Query Language), alert management, and security operations processes.
• Familiarity with other security tools such as Azure Security Center, Microsoft Defender, and SIEM tools like Splunk.
• Experience in incident detection, response, and remediation in large, complex environments.
• In-depth knowledge of cybersecurity frameworks (e.g., NIST, CIS, MITRE ATTCK).
• Strong background in network security, endpoint protection, and cloud security.
• Understanding of incident response playbooks and automation strategies.
• Familiarity with threat intelligence feeds and using them for detection enhancement.
• Soft Skills:
• Excellent leadership, communication, and organizational skills.
• Strong analytical and problem-solving skills, with the ability to think critically under pressure.
• Ability to work collaboratively in cross-functional teams.
• Strong decision-making skills with the ability to manage time and priorities effectively.

• Certifications:
• CISSP, CISM, CEH, GIAC certifications are highly desirable.
• Microsoft Certified: Azure Security Engineer Associate or similar Azure-based security certifications.
• Experience with Cloud Security:
• Familiarity with Azure, AWS, and Google Cloud Platform security tools and best practices.
• Automation Skills:
• Experience with PowerShell scripting or Azure Logic Apps for automating security operations and incident response tasks.