Microsoft Sentinel Content Developer

Experience: 4 - 12 years

Salary: 0 Lacs

Posted: 4 weeks ago | Platform: Shine

Work Mode: On-site

Job Type: Full Time

Job Description

As a Microsoft Sentinel Content Developer, you will play a crucial role in log parsing, normalization, detection rule migration, content development, collaboration, and documentation. Your responsibilities will include:

Log Parsing & Normalization:
- Perform parsing and normalization of logs at the Datadog observability pipeline level.
- Create and manage Data Collection Rules (DCRs) in Microsoft Sentinel with custom parsing and transformation logic.
- Map logs to the Advanced Security Information Model (ASIM) normalized schema in Microsoft Sentinel where applicable.
- Ensure high-quality, structured data ingestion for effective detection and investigation.

Detection Rule Migration:
- Analyze and understand existing Splunk detection rules written in SPL.
- Translate and migrate detection logic into Microsoft Sentinel analytic rules using KQL.
- Optimize rules for performance, accuracy, and minimal false positives.

Content Development:
- Develop and maintain custom analytic rules, hunting queries, and workbooks in Sentinel.
- Collaborate with threat detection teams to build use cases aligned with MITRE ATT&CK and other frameworks.

Collaboration & Documentation:
- Work closely with SOC, engineering, and cloud teams to understand log sources and detection requirements.
- Document parsing logic, rule mappings, and enrichment strategies for operational transparency.

Required Skills:
- Strong experience with Microsoft Sentinel, KQL, and Data Collection Rules (DCRs).
- Hands-on experience with Splunk SPL and detection rule development.
- Familiarity with Datadog log formats and observability pipelines.
- Understanding of the ASIM schema, Microsoft Defender XDR, and Sentinel connectors.
- Experience with log enrichment, GeoIP, and custom field mapping.
- Ability to work independently and take ownership of content development tasks.

Preferred Qualifications:
- Microsoft certifications (e.g., SC-200, AZ-500).
- Knowledge of threat detection frameworks (MITRE ATT&CK, CIS, etc.).
- Familiarity with CI/CD pipelines for Sentinel content deployment.

You will be part of a company that balances innovation with a friendly culture and the support of a long-established parent company known for its ethical reputation. The company guides customers through digital challenges by unlocking the value of their data and applications, benefiting both business and society.
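The SPL-to-KQL migration and DCR parsing work described in the responsibilities above, as an added worked example; this is not code from the posting or from the hiring company. It takes one constructed Splunk SPL rule (SSH password brute force from a single source, MITRE ATT&CK T1110), rewrites it as a Sentinel scheduled analytic rule in KQL over the built-in Syslog table using ASIM Authentication column names, and then shows the DCR transformKql that would parse the same fields at ingestion for an assumed custom table Auth_CL. The 20-failures-in-10-minutes threshold, the table name Auth_CL and the sample SPL are assumptions made for the example.

```kql
// --- Original Splunk rule (constructed sample; SPL shown as a comment) ---
// index=auth sourcetype=linux_secure "Failed password"
// | rex "Failed password for (invalid user )?(?<user>\S+) from (?<src_ip>\S+)"
// | bucket _time span=10m
// | stats count AS failures, dc(user) AS users BY _time, src_ip
// | where failures > 20

// --- Sentinel analytic rule (KQL) over the built-in Syslog table ---
// Translation notes: bucket _time span=10m -> bin(TimeGenerated, 10m);
// stats count/dc() by -> summarize count()/dcount() by; rex named groups -> extract() with a group index.
// Scheduled rule settings assumed: lookback 1h, run every 10m. Threshold is an assumption.
let threshold = 20;
let window = 10m;
Syslog
| where TimeGenerated > ago(1h)
| where Facility in ("auth", "authpriv") and ProcessName == "sshd"
| where SyslogMessage has "Failed password"
// RE2 syntax: (?:...) is non-capturing, so group 1 is the user and group 2 the source IP
| extend TargetUsername = extract(@"Failed password for (?:invalid user )?(\S+) from (\S+)", 1, SyslogMessage),
         SrcIpAddr      = extract(@"Failed password for (?:invalid user )?(\S+) from (\S+)", 2, SyslogMessage)
| where isnotempty(SrcIpAddr)
| summarize FailedCount   = count(),
            DistinctUsers = dcount(TargetUsername),
            Users         = make_set(TargetUsername, 25),
            StartTime     = min(TimeGenerated),
            EndTime       = max(TimeGenerated)
            by SrcIpAddr, Computer, bin(TimeGenerated, window)
| where FailedCount > threshold
// ASIM Authentication naming so the alert lines up with normalized content and parsers
| extend EventType = "Logon", EventResult = "Failure", EventSeverity = "Medium"
| project StartTime, EndTime, Computer, SrcIpAddr, FailedCount, DistinctUsers, Users,
          EventType, EventResult, EventSeverity

// --- DCR transformation (transformKql) for the assumed custom text table Auth_CL ---
// Runs at ingestion on the incoming stream, which is always referenced as "source";
// for a custom text log the raw line arrives in RawData. Parsing once here lets
// analytic rules filter on typed columns instead of re-running the regex per query.
source
| where RawData has "Failed password"
| extend TargetUsername = extract(@"Failed password for (?:invalid user )?(\S+) from (\S+)", 1, RawData),
         SrcIpAddr      = extract(@"Failed password for (?:invalid user )?(\S+) from (\S+)", 2, RawData),
         EventResult    = "Failure"
| project-away RawData
```

The second query is the string placed in the transformKql property of the DCR's dataFlows entry; the destination table Auth_CL must already declare TargetUsername, SrcIpAddr and EventResult as columns or the transformed rows are dropped. For the false-positive requirement above, the usual first tuning passes are excluding vulnerability scanners and jump hosts from SrcIpAddr and raising the threshold per host rather than globally.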
