Posted on: 13/04/2026
Description:
We are seeking a Microsoft Sentinel Engineer / SOC Analyst (L2/L3) with hands-on experience in end-to-end Sentinel implementation combined with day-to-day SOC operations. The candidate will be responsible for onboarding data sources, building detections, automating response, and handling security incidents.
Key Responsibilities:
Sentinel Implementation (Mandatory):
- Deploy and configure Microsoft Sentinel in an Azure environment
- Connect and onboard data sources:
a. Microsoft Entra ID (formerly Azure AD), Office 365, Microsoft Defender, firewalls, servers, AWS/GCP logs
- Build and optimize:
a. Analytics Rules (Scheduled and Near-Real-Time (NRT))
b. KQL-based detection queries
- Develop Workbooks and dashboards
- Configure Data Connectors and log ingestion pipelines
- Implement UEBA and threat intelligence integration
- Define cost optimization and log retention strategy
SOC Operations (L2/L3):
- Monitor and investigate incidents in Sentinel
- Perform threat hunting using KQL
- Incident triage, analysis, and response
- Handle incident categories including:
a. Phishing
b. Malware
c. Insider threats
d. Suspicious logins
- Tune alerts and analytics rules to reduce false positives
- Perform root cause analysis (RCA)
- Work with incident response (IR) teams for escalation
Automation & Integration:
- Develop Playbooks using Azure Logic Apps
- Automate incident response workflows
- Integrate Sentinel with:
a. SOAR tools
b. ITSM tools (ServiceNow)
Required Skills:
- Strong experience in Microsoft Sentinel (implementation and operations)
- Hands-on with KQL (Kusto Query Language)
- Azure services: Log Analytics workspaces, Microsoft Entra ID (formerly Azure AD), Microsoft Defender
- SOC experience (L2/L3 preferred)
- Threat detection and incident response
- Knowledge of the MITRE ATT&CK framework
Posted in: CyberSecurity
Functional Area: Cyber Security
Job Code: 1627957