Siem Engineer | Azure Sentinel | Content Engineering

Role & responsibilities

• Develop and implement custom analytics rules within Microsoft Sentinel to identify security threats and anomalies.
• Leverage KQL and other tools to create custom detection on Microsoft Defender XDR MDE & MDCA.
• Create advanced detection rules based on business requirements & SOC Use Cases.
• Work with SIEM and SOAR solutions at scale.
• Collaborate with other security teams to identify and prioritize security requirements and develop effective solutions.
• Update the code (KQL) on analytical rule for finetuning the false positive incidents.
• Stay up to date with the latest security threats and trends and apply this knowledge to improve our security posture.
• Perform content enrichment depending on feedback received from security analysts.
• Have a strong understanding of Cloud Security and Networking Concepts and practices.
• Helps to create reports that properly present the key risk and performance indicators.
• Communicating & reporting concise summaries of complex scenarios & information across diverse and senior stakeholder groups.
• Design, maintain Content Management standard operating procedures (SOP), processes and guidelines.
• Report preparation for leads and management review with data from dashboards & reports.

Preferred candidate profile

• Strong understanding of JSON, Kusto Query Language (KQL) and PowerShell languages.
• Experience analyzing data from cybersecurity monitoring tools such as SIEM / SOAR platforms, host and network logs, firewall and IPS/IDS logs and email security gateway.
• Strong understanding of security operations concepts: perimeter defense, endpoint management, data leak prevention, kill chain analysis and security metrics.
• Knowledge of the common attack vectors on various layers.
• Knowledge and experience working with the Cyber Kill Chain Model, MITER ATT&CK Matrix.
• Experience with Security Operations Center, SIEM management & solutions ownership.
• Knowledge of various security methodologies and technical security solutions.
• Conduct an audit of the platform configuration to optimize it.
• Optimizing the way logs are processed and leveraged by SOC team members.
• Knowledge on schemas of Microsoft Defender XDR solutions (Microsoft Entra ID and ID protection, Microsoft Defender for Endpoint, Microsoft Defender for Cloud apps, Microsoft Purview Information Protection) and Microsoft 365.
• Knowledge of schemas with security events logs from Microsoft windows server.
• Experience of working within a regulatory/controlled environment.
• Understanding of Cyber Security Risk and mitigation strategies.