Security Engineer

Job Description

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NA Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary: We are seeking a highly skilled and experienced Senior Threat Hunter with deep expertise in Microsoft Sentinel and Microsoft Defender for Endpoint (MDE). The ideal candidate will excel in advanced KQL query writing, hypothesis-driven hunting, detection engineering, and data visualization using Sentinel Notebooks and Workbooks. This role plays a critical part in proactively identifying threats, tuning detection logic, and enhancing our overall threat hunting capabilities. Key Responsibilities: - Write and optimize advanced KQL queries to detect malicious activities in Sentinel and MDE logs. - Conduct proactive threat hunting by forming hypotheses and correlating data across M365 Defender, Sentinel, and other sources. - Use Sentinel Notebooks (Azure ML/Log Analytics) and Workbooks to visualize hunt data and share findings with stakeholders. - Leverage MDE Advanced Hunting for in-depth endpoint telemetry analysis. - Integrate threat hunting with the MITRE ATT&CK framework, mapping TTPs and identifying gaps in coverage. - Collaborate with L3 analysts and detection engineers to fine-tune existing analytics rules and hunting queries. - Create and manage Sentinel Playbooks (Logic Apps) to automate threat response and investigation workflows. - Support continuous improvement of the threat detection lifecycle by contributing to new detection use cases and threat models. - Assist in Purple Team exercises and post-incident retrospectives by contributing hunt-driven insights. Professional & Technical Skills: - 5+ years of experience in cyber threat hunting, SOC operations, or detection engineering. - Strong proficiency in Kusto Query Language (KQL) with hands-on experience in Microsoft Sentinel and MDE. - In-depth knowledge of endpoint, network, and cloud telemetry (especially Microsoft ecosystem). - Experience using Sentinel Workbooks, Notebooks, and custom analytics rule creation. - Practical experience in hypothesis-driven threat hunting and developing custom detection rules. - Familiarity with MITRE ATT&CK framework and its use in mapping attacker TTPs. - Hands-on experience with Sentinel automation workflows using Logic Apps. - Microsoft SC-200: Microsoft Security Operations Analyst - Microsoft SC-100: Microsoft Cybersecurity Architect - GIAC GCFA/GCIA/GCED (or equivalent) - AZ-500: Microsoft Azure Security Technologies - OSCP (for offensive knowledge is a plus) Additional Information: - The candidate should have minimum 5 years of experience in Security Information and Event Management (SIEM). - This position is based at our Bengaluru office. - A 15 years full time education is required. 15 years full time education