SecOps Engineer

8 years

0 Lacs

Posted: 5 days ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

Key Responsibilities

Shift Leadership & Incident Response

  • Lead SOC shifts: manage alert queues, assign cases, ensure SLA compliance, and deliver quality handovers.
  • Investigate and respond to advanced threats using Microsoft Defender for Endpoint and Microsoft Sentinel.
  • Execute incident response playbooks and document RCA for continuous improvement.

Threat Hunting & Detection Engineering

  • Conduct hypothesis-driven hunts based on MITRE ATT&CK techniques, threat intel, and behavioral anomalies.
  • Develop and tune detection rules in Microsoft Sentinel (KQL queries) and Defender for Endpoint policies.
  • Maintain hunt logs, coverage maps, and detection health dashboards.

EDR & SIEM Operations

  • Administer and optimize Microsoft Defender for Endpoint and Microsoft Sentinel for maximum detection fidelity.
  • Build dashboards, correlation searches, and automation workflows to reduce MTTD/MTTR (mean time to detect / mean time to respond).
  • Ensure telemetry quality: data onboarding, parsing, enrichment, and retention.

Reporting & Stakeholder Communication

  • Prepare and present threat hunt findings, detection coverage reports, and incident trends to leadership.
  • Translate technical insights into actionable recommendations for executives.

Required Qualifications

  • 5–8 years in Security Operations / Threat Hunting / Detection Engineering.
  • Hands-on experience with Microsoft Sentinel (KQL queries, dashboards) and Microsoft Defender for Endpoint.
  • Proven Shift Lead experience in a 24×7 SOC environment.
  • Strong understanding of MITRE ATT&CK, threat intel, and adversary TTPs.
  • Excellent communication and reporting skills for executive-level presentations.

Nice-to-Have

  • Experience with SOAR automation in Microsoft Sentinel.
  • Familiarity with cloud telemetry (Azure/M365).
  • Scripting (PowerShell/Python) for hunt automation and enrichment.
  • Certifications: SC-200, SC-300, Security+, CySA+, GCIA/GCIH.

Tools & Technologies

  • SIEM: Microsoft Sentinel
  • EDR: Microsoft Defender for Endpoint
  • Threat Frameworks: MITRE ATT&CK, D3FEND
  • Automation: PowerShell, Python

KPIs

  • Number of successful hunts and new detections authored
  • Reduction in MTTD/MTTR for advanced threats
  • Detection coverage improvements (mapped to ATT&CK)
  • False positive reduction and alert fidelity
