MS Sentinel/MS Defender

Role & responsibilities

Preferred candidate profile

Candidate should have experience in MS sentinel & MS Defender.

• Well-versed in Microsoft Security Products, including MS Defender for Endpoint, Cloud, Identity, AV, and MS Sentinel.
• Knowledge of Incident Response frameworks knowledge (NIST, MITRE ATT&CK, Cyber Kill Chain)
• C-SOC Level 2 Analysts are responsible for advanced incident response activities, comprehensive log analysis, and detailed incident reporting.
• Skilled in utilizing tools to enhance the efficiency of Incident Response within a SOC.
• Experienced with THOR Scanner, VMRay, and Recorded Future Sandbox is a plus.
• Knowledgeable in Application, Cloud, and Infrastructure security, including Firewalls, Proxies, and Web Application Firewalls (WAF).
• Must be willing to provide support and be flexible to work in 24/7 rotational shifts, including weekends.

Technical Knowledge:

• Proficient in using advanced tools to detect and analyze sophisticated threats.
• Capable of conducting in-depth technical analyses of incidents, providing detailed technical information.
• Experienced in documenting and analyzing incident timelines and events.
• Skilled in reviewing and analyzing user access logs to identify unauthorized or suspicious activities.
• Proficient in analyzing email logs to trace phishing attacks, spoofed messages, and other email-related threats.
• Expertise in using SIEM (Security Information and Event Management) systems, IDS/IPS (Intrusion Detection/Prevention Systems), and other security monitoring tools.
• Experienced in using sandbox environments to safely analyze and understand malware behaviour.
• Able to provide technical feedback to internal security teams.
• Strong analytical skills to interpret complex datasets and identify patterns indicative of security threats.
• Support mail security during incidents by collaborating with L3-Mail-Security and Mail Teams to address issues such as spoofed messages and other email threats.
• Skilled in refining and tuning alerting systems based on insights from incident investigations to reduce false positives and enhance detection capabilities.
• Responsible for maintaining and managing the SOC Knowledgebase, including playbooks, processes, and contacts.
• Collaborate with the Cyber Incident Response (CIR) Service for activation and incident management.