Azure Sentinel Specialist – Security Engineering

Chennai, Tamil Nadu, India

Ford Motor Company

Since 1903, we have helped to build a better world for the people and communities that we serve. Welcome to Ford Motor Company.


This position will be involved in developing/engineering SIEM/SOAR solutions across the current and future security portfolio, with a strong initial focus on Microsoft Sentinel. The ideal candidate should have experience configuring, managing, and optimizing Azure Sentinel to support a mature SOC. This role involves working closely with IT security teams to enhance our security posture while ensuring compliance with industry standards and best practices.

Responsibilities

  • Manage all aspects of a SIEM/SOAR, including subscription management, query optimization, workbook/playbook management, analytic rules, and cost optimization.
  • Collaborate internally and across the organization to drive cloud adoption of security technologies.
  • Stay current with industry trends, best practices, and emerging technologies related to DevOps and cloud computing.
  • Collaborate extensively with technical and business-facing stakeholders to engineer solutions that exceed customer expectations and drive significant business value.
  • Implement and monitor security standards across development, testing, and production environments.
  • Collaborate with Cloud operational & engineering teams to resolve deployment issues and ensure smooth operations.
  • Deploy, configure, and manage Azure Sentinel solutions for effective security monitoring and incident response.
  • Integrate Azure Sentinel with various data sources, native and non-native connectors, and Azure services to ensure comprehensive threat visibility across the organization.
  • Create and fine-tune analytics rules, workbooks, and playbooks to automate and improve threat detection and response processes.
  • Utilize futuristic tools, technology, and frameworks for enhancing business experience. 
  • Participate in the development of a healthy product backlog, ensuring agile practices are followed. 
  • Proactively identify opportunities to improve and automate existing technologies. 
  • Support strategic vision for new infrastructure and systems by providing input on roadmaps/value maps in partnership with business stakeholders that aligns with the overall corporate strategy. 
  • Support organization-wide Disaster Recovery and Business Continuity plans and strategy so the organization is prepared for potential events.
  • Support 24x7 security operations as needed.

Qualifications:

Basic Qualifications:

  • Bachelor’s degree in Computer Science, Cyber Security, or Information Systems. 
  • 2+ years of proven hands-on experience with SIEM & SOAR, with a strong preference for Microsoft Sentinel.
  • Microsoft certifications such as SC-200 and SC-100.
  • Knowledge of Azure DevOps tools and services, including Azure Pipelines, Repos, Artifacts, and Boards.
  • Familiarity with threat intelligence platforms and cybersecurity frameworks such as NIST or MITRE ATT&CK.
  • 1+ year of full-stack engineering expertise, with hands-on infrastructure expertise including IaC such as Terraform or ARM templates.
  • 1+ year of experience developing end-to-end using APIs and/or scripting languages such as PowerShell, Python, YAML, JSON, NodeJS, etc.
  • 1+ year leading projects and implementations.
  • Proficiency in creating custom queries using Kusto Query Language (KQL).

Preferred Qualifications:

Technical Skills:

  • Understanding, with hands-on experience, of IT Security and Security Engineering technologies such as CASB, CSPM, Email Security Gateways, SIEM/SOAR, Endpoint Protection, EDR/XDR, DLP, etc.
  • Significant experience with security orchestration, automation, and response (SOAR) tools.
  • Technical knowledge of cloud platforms: Azure is strongly preferred. 
  • Experience engineering reusable tools and self-service capabilities with automated infrastructure operations
  • Experience in creating frontend components that support accessibility
  • Proven experience in engineering solutions that improve the developer or user experience and productivity.
  • Hands-on experience setting up CI/CD pipelines (OpenShift Tekton, GitHub Actions, or alike).
  • Knowledge of secure coding practices.
  • Experience setting up serverless functions using GCP Cloud Run or Cloud functions, and configuring the respective cloud provider for scaling 
  • Robust knowledge of system design principles including reliability, availability, and scalability
  • Understanding of security frameworks
  • Experience setting up logging and monitoring services (Dynatrace, GCP Ops Suites)
  • Proven ability to implement and prove out POCs with speed, vision and quality
  • Strong consulting and analytical skills and a risk management mindset

Other Skills:

  • Demonstrates the ability to be highly collaborative with peers across the organization.
  • Possesses a high tolerance for ambiguity and an ever-changing technology environment.
  • Possesses a strong bias for action.
  • Naturally curious and stays on top of emerging trends and threats.
  • Interpersonal skills, with the ability to communicate effectively at all levels of the organization.
  • Familiarity with agile concepts.
  • Ability to thrive in a fast-paced, technologically forward-leaning environment, unafraid to push the boundaries of security capabilities.
  • A sense of intellectual curiosity and a burning desire to learn.

You may not check every box, or your experience may look a little different from what we've outlined, but if you think you can bring value to Ford Motor Company, we encourage you to apply!


Tags: Agile Analytics APIs Automation Azure CASB CI/CD Cloud Compliance Computer Science CSPM DevOps EDR Full stack GCP GitHub Incident response JSON MITRE ATT&CK Monitoring NIST Node.js POCs PowerShell Python Risk management Scripting Sentinel SIEM SOAR SOC Strategy Terraform Threat detection Threat intelligence XDR

Perks/benefits: Team events

Region: Asia/Pacific
Country: India
