Posted on: 03/09/2025
Job Description:
Key Responsibilities:
Security Monitoring & Incident Response:
- Perform real-time security monitoring, threat detection, and incident response using SIEM tools such as Azure Sentinel.
- Respond to and investigate security alerts escalated by Managed Security Service Providers (MSSPs) and internal systems.
- Create, refine, and maintain Incident Response (IR) Playbooks and Standard Operating Procedures (SOPs).
- Conduct post-incident reviews, root cause analysis, and lessons learned sessions to improve response capabilities.
- Independently generate incident reports and ensure documentation of all findings.
Technical Support & Collaboration:
- Provide L2/L3 support for security tools including Microsoft Defender for Endpoint, Defender for Server, and Office 365 Security.
- Assist in managing Azure Active Directory, Intune MDM/MAM, Conditional Access Policies, and Multifactor Authentication (MFA).
- Work closely with IT managers and end-users across Halma and its subsidiary companies to raise awareness and identify training opportunities.
Knowledge Base & Best Practices:
- Create and maintain Knowledge Base (KB) articles and ensure documentation of best practices for security operations.
- Maintain up-to-date knowledge of current threats, attack vectors, and industry best practices.
Technical Skills & Tools:
Security Technologies:
- SIEM: Azure Sentinel (mandatory), Splunk (plus)
- EDR/XDR: Microsoft Defender for Endpoint, Microsoft Defender for Server
- Email Security: Office 365 ATP / Defender for Office 365
- IAM & Device Management: Azure AD, Intune (MDM/MAM/Conditional Access), MFA, SSO
Scripting & Querying:
- KQL (Kusto Query Language) for querying logs and threat hunting in Azure Sentinel
Posted in: CyberSecurity
Functional Area: IT Security
Job Code: 1540310