Associate Principal Cybersecurity Analyst

What success looks like in this role:

We are seeking an experienced Sentinel Implementation Architect to lead the design, deployment, and optimization of Microsoft Sentinel SIEM solutions across our SOC environment. This role requires deep technical expertise in SIEM architecture, hands-on implementation experience with Sentinel and its integrations, and a strong understanding of security operations, log management, and threat detection.

Key Responsibilities:
Design scalable and secure Sentinel architecture based on organizational requirements.
Define log collection strategies, retention policies, and data pipelines using Azure-native tools.
Plan and implement Sentinel workspaces across multi-tenant or multi-region environments.
Lead the onboarding of various log sources (cloud, on-prem, third-party) into Microsoft Sentinel.
Integrate Microsoft Defender XDR, Azure Arc, custom data connectors, and threat intelligence feeds.
Configure and optimize Sentinel analytics rules, Fusion rules, and custom detections.
Design and implement SOAR playbooks using Azure Logic Apps for incident response automation.
Collaborate with SOC teams to build response workflows and ensure end-to-end alert handling.
Continuously monitor platform health, ingestion performance, and rule effectiveness.
Tune analytic rules to reduce false positives and improve detection accuracy.
Provide guidance on cost optimization and workspace governance.
Work closely with SOC analysts, incident responders, threat hunters, and IT teams.
Document architectural decisions, integration guides, and best practices.
Support audit, compliance, and reporting requirements through structured logging and retention.

You will be successful in this role if you have:

Required Skills & Qualifications:
8+ years of experience in cybersecurity, with at least 3 years in Sentinel platform implementation.
Proven experience in Microsoft Sentinel implementation, architecture, and administration.
Strong expertise in Kusto Query Language (KQL) and Azure Logic Apps.
Familiarity with Defender for Endpoint, Microsoft 365 Defender, and Azure security tools.
Solid understanding of log formats, threat detection, and incident response workflows.
Experience with SOAR design and automation use cases.
Relevant certifications are a plus (e.g., SC-200, SC-100, AZ-500).

Preferred Qualifications:
Experience with multi-tenant Sentinel deployments or MSSP environments.
Working knowledge of other SIEMs (Splunk, Securonix, etc.) is an added advantage.
Exposure to compliance standards (ISO 27001, NIST, SOC 2).

Unisys is proud to be an equal opportunity employer that considers all qualified applicants without regard to age, blood type, caste, citizenship, color, disability, family medical history, family status, ethnicity, gender, gender expression, gender identity, genetic information, marital status, national origin, parental status, pregnancy, race, religion, sex, sexual orientation, transgender status, veteran status or any other category protected by law.

This commitment includes our efforts to provide for all those who seek to express interest in employment the opportunity to participate without barriers. If you are a US job seeker unable to review the job opportunities herein, or cannot otherwise complete your expression of interest, without additional assistance and would like to discuss a request for reasonable accommodation, please contact our Global Recruiting organization at GlobalRecruiting@unisys.com or alternatively Toll Free: 888-560-1782 (Prompt 4).  US job seekers can find more information about Unisys’  EEO commitment here.