SOC Analyst - Sentinel Expert

5 - 7 years

0 Lacs

Posted: 2 days ago | Platform: Foundit

Work Mode

On-site

Job Type

Full Time

Job Description

Join Verdantas, a Top ENR #81 Firm!

We at Verdantas are seeking a skilled and motivated Microsoft Sentinel SIEM Engineer to join our dynamic cybersecurity team. In this role, you will be responsible for the end-to-end management, optimization, and advanced configuration of our Microsoft Sentinel SIEM and Microsoft 365 Defender platform. You will play a critical role in protecting our digital assets by designing and implementing detection rules, automating response actions, and hunting for advanced threats. The ideal candidate is a proactive problem-solver with deep technical expertise in the Microsoft security ecosystem and a passion for building resilient security operations.

Experience: 5+ years of hands-on experience in a security engineering or analyst role, with at least 2 years focused on Microsoft Sentinel.

Key Areas:

Monitoring and Maintenance

Threat Detection and Analysis

Automation and Orchestration

Threat Hunting

Incident Response Support

Collaboration and Communication

Continuous Improvement

Key Roles and Responsibilities

Day-to-day activities of a Sentinel SIEM Expert are a mix of proactive engineering, reactive response, and strategic improvement. While an analyst might watch the queue, an expert builds and tunes the system.

1. Platform Management & Administration

  • Deployment & Configuration: Architect, deploy, and configure Microsoft Sentinel workspaces, including data connector setup, log ingestion, and workspace optimization.
  • Data Onboarding: Manage the ingestion of log data from various sources (e.g., Microsoft 365 Defender, Azure AD, Azure Activity Logs, on-premises servers, firewalls, endpoints via Azure Arc and AMA).
  • Health Monitoring: Proactively monitor the health, performance, and cost of the Sentinel environment. Troubleshoot and resolve issues related to data ingestion, agent health, and analytics rule execution.
  • Lifecycle Management: Manage the lifecycle of analytics rules, watchlists, hunting queries, and workbooks.

2. Threat Detection & Content Development

  • Analytics Rule Creation: Design, develop, test, and tune custom analytics rules using Kusto Query Language (KQL) to detect malicious activity, threats, and anomalies.
  • SOC Use Case Implementation: Translate business requirements and threat intelligence into effective, actionable detection logic within Sentinel.
  • Leverage Built-in Templates: Utilize and customize built-in analytics rule templates from Microsoft and the community to accelerate detection coverage.
  • Threat Intelligence Integration: Integrate threat intelligence platforms (TIP) and indicators of compromise (IOCs) into Sentinel to enhance detection capabilities.

3. Automation & Response (SOAR)

  • Playbook Development: Design, build, and maintain Azure Logic Apps playbooks to automate incident response and orchestrate security workflows (e.g., auto-quarantine emails, disable user accounts, trigger investigations).
  • Automation Rule Management: Create and manage Automation Rules to standardize incident triage, assignment, and lifecycle (e.g., auto-close false positives, set severity levels).
  • Efficiency Improvement: Continuously seek opportunities to automate manual SOC tasks, reducing Mean Time to Respond (MTTR) and Mean Time to Acknowledge (MTTA).

4. Threat Hunting & Proactive Defense

  • Proactive Hunting: Conduct proactive threat hunting campaigns using advanced KQL queries to uncover hidden threats that may evade traditional detection methods.
  • Hunting Notebooks: Develop and utilize Jupyter notebooks within Sentinel for deep-dive, interactive investigations.
  • Research & Development: Stay current with the latest adversary TTPs (Tactics, Techniques, and Procedures) and develop new hunting hypotheses.

5. Investigation & Incident Support

  • Incident Analysis: Serve as an escalation point for Tier 2/3 SOC analysts, providing expertise during complex incident investigations.
  • Forensic Data Enrichment: Use Sentinel's investigation graph and entity pages to enrich incident data and understand the full scope of an attack.
  • Documentation: Create and maintain detailed documentation for runbooks, playbooks, hunting guides, and standard operating procedures (SOPs).

6. Collaboration & Reporting

  • Stakeholder Reporting: Develop and maintain dashboards and workbooks to provide visibility into the security posture, key metrics (KPIs), and threat landscape for management and other stakeholders.
  • Cross-Functional Collaboration: Work closely with the IT infrastructure, cloud, and application development teams to ensure proper logging and security best practices are followed.
  • Mentorship: Mentor and provide technical guidance to junior SOC analysts and engineers.
  • Act as an escalation point for Tier 2/3 SOC analysts struggling with a complex investigation.
  • Provide a second opinion on the scope and impact of a potential security incident.
  • Mentor junior engineers and analysts on KQL, Azure, and security concepts.
