
L2 SecOps Engineer - SIEM/SOAR

FLENTAS TECHNOLOGIES PRIVATE LIMITED
4 - 7 Years
Pune

Posted on: 13/04/2026

Job Description

Job Title : SecOps Engineer (L2)

Location : Pune, India (Hybrid)

Experience : 4+ Years

Role Overview :

As a SecOps L2 Engineer, you will be the technical escalation point for security incidents across our Microsoft cloud estate.

You will be responsible for proactive threat hunting, tuning detection rules, and automating response actions to safeguard our Azure infrastructure and Microsoft 365 environment. This role requires a deep understanding of the Microsoft security stack (Sentinel, Defender, Entra ID and Purview).

Key Responsibilities :

- Incident Response & Escalation : Act as the Tier 2 lead for investigating complex security alerts escalated by L1.

- Perform deep-dive forensics on compromised identities, endpoints, and cloud resources.

- Sentinel Management : Manage and optimize Microsoft Sentinel (SIEM/SOAR).

- Write and refine Kusto Query Language (KQL) for custom detection rules, workbooks, and hunting queries.

- M365 Security Operations : Monitor and remediate threats within Microsoft 365 Defender, including :

a. Defender for Endpoint : EDR/XDR response and vulnerability management.

b. Defender for Office 365 : Investigating sophisticated phishing and BEC attacks.

c. Defender for Identity : Monitoring lateral movement and AD/Entra ID threats.

- Azure Infrastructure Security : Utilize Microsoft Defender for Cloud to maintain cloud security posture (CSPM) and protect workloads (CWPP) across subscriptions.

- Automation & Orchestration : Build and maintain Sentinel Playbooks (Logic Apps) to automate repetitive remediation tasks and reduce Mean Time to Respond (MTTR).

- Identity Security : Monitor Microsoft Entra ID (formerly Azure AD) for risky sign-ins, manage Conditional Access policy triggers, and oversee Privileged Identity Management (PIM) alerts.

Technical Requirements :

- SIEM/SOAR : Expert-level experience with Microsoft Sentinel and KQL.

- Cloud Platform : Strong hands-on experience with Microsoft Defender for Cloud (formerly Azure Security Center).

- M365 Suite : Deep knowledge of the Microsoft 365 Defender portal and Purview (for data loss prevention).

- Identity : Proficiency in Microsoft Entra ID, including Identity Protection and Governance.

- Scripting : Ability to automate tasks using PowerShell or Python.

- Network Security : Understanding of Azure Firewall, NSGs, and WAF logs.

Preferred Certifications :

- AZ-500 : Microsoft Azure Security Technologies.

- SC-200 : Microsoft Security Operations Analyst.

- SC-300 : Microsoft Identity and Access Administrator.

Preferred Soft Skills :

- Strong analytical mindset with a focus on "connecting the dots" between disparate alerts.

- Excellent communication skills for documenting incidents and collaborating with DevOps/Infrastructure teams.

- Ability to work in a 24/7 rotational environment if required.

Note : The candidate should also have experience with Azure cloud services and direct customer communication.
