Senior Cloud Security Engineer Microsoft Sentinel & Threat Hunting

2 - 7 years

5 - 10 Lacs

Posted: 16 hours ago | Platform: Foundit

Skills Required

Work Mode: On-site

Job Type: Full Time

Job Description

Senior Cloud Security Engineer

Key Responsibilities

  • Microsoft Sentinel Deployment & Configuration: Lead the deployment and configuration of Microsoft Sentinel and its dependent resources, ensuring an optimal setup for security monitoring.
  • Data Integration: Integrate diverse data sources into the SIEM (Security Information and Event Management) for holistic threat visibility across the enterprise.
  • Query & Alert Development: Develop advanced KQL (Kusto Query Language) queries and build sophisticated analytical rules and alerts within Sentinel for effective threat detection.
  • Use Case Implementation: Design and implement security use cases meticulously aligned to industry-recognized frameworks such as NIST (National Institute of Standards and Technology) and MITRE ATT&CK.
  • SOAR Workflow Automation: Build SOAR (Security Orchestration, Automation, and Response) workflows using Azure Logic Apps for automated incident response and efficient security operations.
  • Threat Hunting & Simulation: Proactively perform threat hunting exercises and simulate non-invasive attacks based on observed Tactics, Techniques, and Procedures (TTPs) and known threat actor behavior.
  • Incident Response: Conduct in-depth forensic analysis, root cause analysis (RCA), and efficient incident triage for security incidents.
  • Threat Intelligence Utilization: Leverage threat intelligence feeds for proactive defense and to refine detection strategies.
  • Reporting & Metrics: Create and maintain comprehensive KPI dashboards and reporting metrics for various stakeholders, providing clear insights into the security posture.
  • Proof of Concepts (PoCs): Build Proof of Concepts (PoCs) for domain-specific security implementations, demonstrating feasibility and value.
  • EDR & CASB Management: Utilize and maintain EDR (Endpoint Detection and Response) and CASB (Cloud Access Security Broker) tools, with a preference for Microsoft Defender ATP.
  • Hybrid/Multi-Cloud Security: Maintain and enhance the security posture in complex hybrid and multi-cloud environments (Azure, AWS, GCP).
  • Custom Security Objects: Create custom security policies, dashboards, and workbooks in Sentinel to tailor monitoring and reporting.
  • Compliance Support: Participate in compliance control strategies (e.g., PCI, PII) using Azure Automation to ensure regulatory adherence.
  • CSPM Support: Support Cloud Security Posture Management (CSPM) tool testing and policy scoring to identify and remediate cloud misconfigurations.
  • Report Generation: Support report generation (daily, weekly, quarterly, annually) for various stakeholders, providing clear and actionable insights.

Technical Skills & Experience

  • Core Security Fundamentals: Deep understanding of Active Directory, DNS Security, Network Protocols, Web Technologies, TLS, and Firewalls.
  • EDR Solutions: Proficient in EDR solutions, with a strong preference for Microsoft Defender ATP.
  • Azure Cloud Security: Extensive hands-on experience with Azure cloud security technologies, including but not limited to Defender for Cloud, Defender for Identity, Defender for Office 365, Azure Security Center, Azure Firewall, and Azure Network Security Groups.
  • Multi-Cloud Exposure: Exposure to GCP (e.g., Security Command Center, Confidential Computing) and AWS (e.g., Security Hub, GuardDuty, Macie) is a significant plus.
  • Scripting: Proficient in PowerShell, Bash, and Python scripting (preferred but not mandatory for all aspects of the role).
  • IT Forensics: Knowledge of IT forensics tools, techniques, and methodologies for incident investigation.
  • Policy & Automation: Experience in policy creation, dashboarding, and process automation within security tools.

Good to Have

  • Exposure to Cloud App Security, Azure Key Vault, Confidential Computing, AWS Shield, and other advanced cloud security services.
  • Industry certifications like AZ-500 (Microsoft Azure Security Technologies), SC-200 (Microsoft Security Operations Analyst), AWS Certified Security - Specialty, etc.
  • Experience with setting up SOC processes or impleme

Inspira Enterprise India

Information Technology & Services

Mumbai