Flentas helps enterprises leverage the full potential of the Cloud through consulting and implementation services. As an organization, Flentas brings strong technology expertise and hands-on experience to drive large-scale digital transformation initiatives and scale cloud operations. We serve clients globally, supported by a passionate team of experienced Solution Architects and Technology Enthusiasts.

Job Title
:
SecOps Engineer (L2)

Location
:
Pune, India (Hybrid)

Experience
:
4+ Years

Role Overview
:

As a SecOps L2 Engineer, you will be the technical escalation point for security incidents across our Microsoft cloud estate. You will be responsible for proactive threat hunting, fine-tuning detection rules, and automating responses to safeguard our Azure infrastructure and M365 environment. This role requires a deep understanding of the Microsoft Unified Security Stack.

Key Responsibilities
:

- Incident Response & Escalation
:
Act as the Tier 2 lead for investigating complex security alerts escalated by L1. Perform deep-dive forensics on compromised identities, endpoints, and cloud resources.

- Sentinel Management
:
Manage and optimize Microsoft Sentinel (SIEM/SOAR). Write and refine Kusto Query Language (KQL) for custom detection rules, workbooks, and hunting queries.

- M365 Security Operations
:
Monitor and remediate threats within Microsoft 365 Defender, including
:

1. Defender for Endpoint
:
EDR/XDR response and vulnerability management.

2. Defender for Office 365
:
Investigating sophisticated phishing and BEC attacks.

3. Defender for Identity
:
Monitoring lateral movement and AD/Entra ID threats.

- Azure Infrastructure Security
:
Utilize Microsoft Defender for Cloud to maintain cloud security posture (CSPM) and protect workloads (CWPP) across subscriptions.

- Automation & Orchestration
:
Build and maintain Sentinel Playbooks (Logic Apps) to automate repetitive remediation tasks and reduce Mean Time to Respond (MTTR).

- Identity Security
:
Monitor Microsoft Entra ID (formerly Azure AD) for risky sign-ins, manage Conditional Access policy triggers, and oversee Privileged Identity Management (PIM) alerts.

Technical Requirements :

- SIEM/SOAR
:
Expert-level experience with Microsoft Sentinel and KQL.

- Cloud Platform
:
Strong hands-on experience with Azure Security Center / Defender for Cloud.

- M365 Suite
:
Deep knowledge of the Microsoft 365 Defender portal and Purview (for data loss prevention).

- Identity
:
Proficiency in Microsoft Entra ID, including Identity Protection and Governance.

- Scripting
:
Ability to automate tasks using PowerShell or Python.

- Network Security
:
Understanding of Azure Firewall, NSGs, and WAF logs.

Preferred Certifications :

- AZ-500
:
Microsoft Azure Security Technologies.

- SC-200
:
Microsoft Security Operations Analyst.

- SC-300
:
Microsoft Identity and Access Administrator.

Preferred Soft Skills :

- Strong analytical mindset with a focus on "connecting the dots" between disparate alerts.

- Excellent communication skills for documenting incidents and collaborating with DevOps/Infrastructure teams.

- Ability to work in a 24/7 rotational environment if required.