Email Security SME (MDO)

Role: Email Security SME (Microsoft Defender for O365)

Company: Silicon Comnet Pvt. Ltd.

Location: Noida, India

Mode: Work from office

Notice: Immediate to 15 days Max.

JD:

• Lead the investigation of high and critical severity email security incidents flagged by Microsoft Defender for Office 365 (MDO).
• Correlate alerts across Defender XDR (including Defender for Endpoint, Identity, and Cloud Apps) to build a complete incident storyline.
• Use automated investigation and response (AIR) playbooks to identify impacted entities and take containment actions such as:

- Soft-deleting malicious emails.

- Removing suspicious inbox rules.

- Blocking sender domains or URLs

• Perform forensic analysis of phishing, spoofing, and business email compromise (BEC) attacks.
• Document root cause analysis (RCA) and lessons learned for each incident
• Identify gaps in detection logic and recommend improvements to SIEM and SOAR teams.
• Support in Providing recommendation for fine-tuning MDO policies such as anti-phishing, anti-spam, and safe links/safe attachments.
• Collaborate with Microsoft Premier Support for platform-level bugs or advanced troubleshooting
• Engage with the Microsoft DART team when sanctioned by the customer for deep-dive investigations
• Update incident status in ServiceNow tool and ensure timely communication with stakeholders
• Participate in CSIRT bridges and coordinate with customer Cyber Defense teams and Rapid Response Teams (RRTs)
• Contribute to weekly/monthly dashboards and SLA/KPI reporting
• Implement learnings from past incidents to prevent recurrence
• Participate in quarterly tuning sessions and transformation workshops

Email - kirti.rustagi@siliconcomnet.com