2 - 7 years
10 - 20 Lacs
Posted: 2 months ago
Platform:
Hybrid
Full Time
Role & responsibilities
- Develop and implement custom analytics rules within Microsoft Sentinel to identify security threats and anomalies.
- Leverage KQL and other tools to create custom detections on Microsoft Defender XDR, MDE and MDCA.
- Create advanced detection rules based on business requirements and SOC use cases.
- Work with SIEM and SOAR solutions at scale.
- Collaborate with other security teams to identify and prioritize security requirements and develop effective solutions.
- Update the KQL of analytics rules to fine-tune them and reduce false-positive incidents.
- Stay up to date with the latest security threats and trends and apply this knowledge to improve our security posture.
- Perform content enrichment based on feedback received from security analysts.
- Have a strong understanding of cloud security and networking concepts and practices.
- Help to create reports that properly present the key risk and performance indicators.
- Communicate and report concise summaries of complex scenarios and information across diverse and senior stakeholder groups.
- Design and maintain content management standard operating procedures (SOPs), processes and guidelines.
- Prepare reports for leads and management review using data from dashboards and reports.
Preferred candidate profile
- Strong understanding of JSON, Kusto Query Language (KQL) and PowerShell.
- Experience analyzing data from cybersecurity monitoring tools such as SIEM/SOAR platforms, host and network logs, firewall and IPS/IDS logs and email security gateways.
- Strong understanding of security operations concepts: perimeter defense, endpoint management, data leak prevention, kill chain analysis and security metrics.
- Knowledge of the common attack vectors on various layers.
- Knowledge of and experience working with the Cyber Kill Chain model and the MITRE ATT&CK matrix.
- Experience with a Security Operations Center, SIEM management and solution ownership.
- Knowledge of various security methodologies and technical security solutions.
- Conduct audits of the platform configuration to optimize it.
- Optimize the way logs are processed and leveraged by SOC team members.
- Knowledge of the schemas of Microsoft Defender XDR solutions (Microsoft Entra ID and ID Protection, Microsoft Defender for Endpoint, Microsoft Defender for Cloud Apps, Microsoft Purview Information Protection) and Microsoft 365.
- Knowledge of the schemas of security event logs from Microsoft Windows Server.
- Experience working within a regulatory/controlled environment.
- Understanding of cyber security risk and mitigation strategies.
KPMG Assurance and Consulting Services LLP