Senior Security Operations Analyst (Sentinel Specialist)

Position Overview:

We are seeking a highly skilled Senior Security Operations Analyst with significant hands-on experience in Microsoft Sentinel, as well as proficiency in Intune and Microsoft Defender for Endpoint. The ideal candidate will possess a minimum of five years’ direct experience with Sentinel, alongside a robust working knowledge of both Windows and UNIX operating systems. Familiarity with the Microsoft 365 E5 product suite, expertise in Kusto Query Language (KQL), experience developing workbooks and logic apps, and a proven history of collaboration with Security Operations Center (SOC) teams are essential. This individual will play a vital role in tuning security offenses, conducting threat hunting activities, and contributing to the proactive defense of our digital assets.

Core Responsibilities:

·        Sentinel Expertise: Leverage at least five years of hands-on experience to manage, maintain, and optimize Microsoft Sentinel for security monitoring and incident response. Configure and fine-tune data connectors, analytics rules, and playbooks to increase detection capabilities and reduce false positives.

·        Intune and Microsoft Defender for Endpoint: Demonstrate medium-level experience implementing, administering, and troubleshooting Microsoft Intune and Defender for

Endpoint. Collaborate with IT and security teams to ensure endpoint security policies are enforced and devices are correctly enrolled, monitored, and protected.

·        Cross-Platform Security Operations: Apply familiarity with both Windows and UNIX operating systems to monitor, assess, and respond to threats in a heterogeneous environment. Analyze operating system logs and security events across diverse platforms to ensure comprehensive threat coverage.

·        Microsoft 365 E5 Product Suite: Utilize knowledge of M365 E5 products, including advanced security, compliance, and collaboration tools, to support and enhance security operations. Integrate Microsoft 365 telemetry and intelligence into Sentinel for comprehensive monitoring.

·        Kusto Query Language (KQL): Develop and maintain complex queries and detection logic using KQL to drive advanced threat detection and analytics in Sentinel. Continuously refine query logic to improve incident triage and investigation workflows.

·        Workbooks and Logic Apps: Design, implement, and optimize Sentinel workbooks for custom dashboards, reporting, and visualization of security data. Build and maintain automation workflows using Azure Logic Apps to streamline response activities and efficiently remediate threats.

·        SOC Collaboration and Threat Hunting: Actively engage with the SOC team to tune alerting rules, reduce noise, and ensure offenses are actionable. Lead or support proactive threat hunting missions using Sentinel and Defender for Endpoint telemetry, providing detailed analysis, documentation, and recommendations on findings.

·        Continuous Improvement: Stay abreast of evolving threat trends and advancements in security technologies. Participate in internal and external training to maintain and enhance skills pertinent to Sentinel, Intune, Defender for Endpoint, and related security domains.

·        Documentation and Knowledge Sharing: Author and maintain comprehensive documentation covering detection rules, incident response procedures, tuning activities, and lesson-learned reports. Contribute to the team's knowledge base and mentor junior analysts as required.

Required Qualifications:

·        Bachelor’s degree in Information Security, Computer Science, or a related field; or equivalent professional experience.

·        Minimum 5 years of direct, hands-on experience with Microsoft Sentinel, including configuration, rule development, alert tuning, and playbook automation.

·        Strong practical expertise in the use of Kusto Query Language (KQL) for security analytics and threat detection.

·        Medium-level experience with Microsoft Intune and Microsoft Defender for Endpoint in enterprise environments.

·        Demonstrated ability to design and maintain Sentinel workbooks and Azure Logic Apps.

·        Familiarity with both Windows and UNIX/Linux operating systems, including log analysis, system configuration, and threat response procedures.

·        Good understanding of Microsoft 365 E5 product features, especially advanced security and compliance capabilities.

·        Track record of working collaboratively with SOC teams for alert tuning, threat hunting, and incident response.

·        Strong analytical, troubleshooting, and problem-solving abilities.

·        Excellent written and verbal communication skills, including the ability to document processes and communicate findings to technical and non-technical audiences.

Preferred Skills and Certifications:

·        Relevant certifications such as Microsoft Certified: Security Operations Analyst Associate, Microsoft Certified: Azure Security Engineer Associate, or similar.

·        Experience with additional EDR, SIEM, and SOAR platforms.

·        Background in scripting or programming (e.g., PowerShell, Python) for process automation.

·        Knowledge of compliance frameworks (e.g., SOC 2, ISO 27001, GDPR) and security best practices.

·        Experience in security incident investigation and digital forensics.

Primary Duties and Day-to-Day Activities:

·        Daily monitoring and triage of security alerts within Sentinel and Defender for Endpoint.

·        Development and fine-tuning of analytic rules and automation playbooks to optimize threat detection and response.

·        Collaboration with SOC analysts and incident handlers to investigate and remediate security incidents.

·        Routine threat hunting using advanced queries and correlation of data from multiple sources.

·        Preparation and delivery of reports on security posture, incident trends, and detection efficacy to management and key stakeholders.

·        Continuous review and enhancement of security configurations in Intune, Defender for Endpoint, and associated infrastructure.