
Job Title


Microsoft Sentinel SIEM Analyst


Company : Verdantas


Location : Pune, Maharashtra


Created : 2026-02-24


Job Type : Full Time


Job Description

Microsoft Sentinel SIEM Analyst

We are seeking a skilled and motivated Microsoft Sentinel SIEM Engineer to join our dynamic cybersecurity team. In this role, you will be responsible for the end-to-end management, optimization, and advanced configuration of our Microsoft Sentinel SIEM and Microsoft 365 Defender platform. You will play a critical role in protecting our digital assets by designing and implementing detection rules, automating response actions, and hunting for advanced threats. The ideal candidate is a proactive problem-solver with deep technical expertise in the Microsoft security ecosystem and a passion for building resilient security operations.

Experience: 5+ years of hands-on experience in a security engineering or analyst role, with at least 2 years focused on Microsoft Sentinel.

Key Areas:
- Monitoring and Maintenance
- Threat Detection and Analysis
- Automation and Orchestration
- Threat Hunting
- Incident Response Support
- Collaboration and Communication
- Continuous Improvement

Key Roles and Responsibilities

Day-to-day activities of a Sentinel SIEM Expert are a mix of proactive engineering, reactive response, and strategic improvement. While an analyst might watch the queue, an expert builds and tunes the system.

1. Platform Management & Administration
- Deployment & Configuration: Architect, deploy, and configure Microsoft Sentinel workspaces, including data connector setup, log ingestion, and workspace optimization.
- Data Onboarding: Manage the ingestion of log data from various sources (e.g., Microsoft 365 Defender, Azure AD, Azure Activity Logs, on-premises servers, firewalls, and endpoints via Azure Arc and the Azure Monitor Agent (AMA)).
- Health Monitoring: Proactively monitor the health, performance, and cost of the Sentinel environment. Troubleshoot and resolve issues related to data ingestion, agent health, and analytics rule execution.
- Lifecycle Management: Manage the lifecycle of analytics rules, watchlists, hunting queries, and workbooks.

2. Threat Detection & Content Development
- Analytics Rule Creation: Design, develop, test, and tune custom analytics rules using Kusto Query Language (KQL) to detect malicious activity, threats, and anomalies.
- SOC Use Case Implementation: Translate business requirements and threat intelligence into effective, actionable detection logic within Sentinel.
- Leverage Built-in Templates: Utilize and customize built-in analytics rule templates from Microsoft and the community to accelerate detection coverage.
- Threat Intelligence Integration: Integrate threat intelligence platforms (TIPs) and indicators of compromise (IOCs) into Sentinel to enhance detection capabilities.

3. Automation & Response (SOAR)
- Playbook Development: Design, build, and maintain Azure Logic Apps playbooks to automate incident response and orchestrate security workflows (e.g., auto-quarantine emails, disable user accounts, trigger investigations).
- Automation Rule Management: Create and manage automation rules to standardize incident triage, assignment, and lifecycle (e.g., auto-close false positives, set severity levels).
- Efficiency Improvement: Continuously seek opportunities to automate manual SOC tasks, reducing Mean Time to Respond (MTTR) and Mean Time to Acknowledge (MTTA).

4. Threat Hunting & Proactive Defense
- Proactive Hunting: Conduct proactive threat hunting campaigns using advanced KQL queries to uncover hidden threats that may evade traditional detection methods.
- Hunting Notebooks: Develop and utilize Jupyter notebooks within Sentinel for deep-dive, interactive investigations.
- Research & Development: Stay current with the latest adversary TTPs (Tactics, Techniques, and Procedures) and develop new hunting hypotheses.

5. Investigation & Incident Support
- Incident Analysis: Serve as an escalation point for Tier 2/3 SOC analysts struggling with a complex investigation, providing expertise during complex incident investigations.
- Forensic Data Enrichment: Use Sentinel's investigation graph and entity pages to enrich incident data and understand the full scope of an attack.
- Documentation: Create and maintain detailed documentation for runbooks, playbooks, hunting guides, and standard operating procedures (SOPs).

6. Collaboration & Reporting
- Stakeholder Reporting: Develop and maintain dashboards and workbooks to provide visibility into the security posture, key metrics (KPIs), and threat landscape for management and other stakeholders.
- Cross-Functional Collaboration: Work closely with the IT infrastructure, cloud, and application development teams to ensure proper logging and security best practices are followed.
- Second Opinion: Provide a "second opinion" on the scope and impact of a potential security incident.
- Mentorship: Mentor and provide technical guidance to junior SOC analysts and engineers on KQL, Azure, and security concepts.