SIEM Engineer

We are seeking a talented and highly motivated Microsoft Sentinel SIEM Engineer to join our Dedicated Defense group. As a key member of our team, you will be responsible for deploying and maintaining Microsoft Security technologies to enhance threat detection, response, and overall security posture. This is an exciting opportunity for an individual with expertise in major SIEM technologies, aiming to help safeguard critical systems and data from evolving cyber threats.  Responsibilities:  Architect, deploy, and maintain Microsoft Sentinel for SIEM use cases including log ingestion, data normalization, and incident correlation.Manage and optimize Microsoft Defender for Endpoint, Identity, Cloud, Office 365, and other Defender tools to maximize protection and visibility.Develop custom queries,detection rules, workbooks, and automation playbooks to improve threat detection and response efficiency.Lead the design and implementation of security monitoring, including data connectors, analytics rules, and incident automation.Collaborate with threat analysts and incident response teams to triage, investigate, and respond to security alerts and incidents.Provide technical guidance in security best practices, incident response procedures, and threat hunting using Microsoft security tools.Continuously assess the security landscape and recommend improvements to policies, tools, and configurations.In addition to strong technical acumen, the ideal candidate will bring excellent communication and client-facing skills to collaborate directly with customers, understand their security needs, and deliver tailored solutions that align with their risk posture and compliance requirements. Outcomes:
Integration & Optimization: Integrate and optimize Microsoft Sentinel to improve visibility and automate threat detection workflowsThreat Detection: Utilize Microsoft Sentinel AI-powered analytics to dashboard reports and automate critical reporting functions Automation & Playbook Development: Develop automated detection and response playbooks based on Microsoft data feeds, streamlining incident management and reducing time to resolution. Collaboration & Knowledge Sharing: Work closely with other security and IT teams to share threat intelligence, optimize SIEM use, and contribute to security strategy development. Reporting & Documentation: Develop and maintain dashboards, reports, and documentation related to Microsoft Sentinel deployment, performance, and incident metrics. Continuous Improvement: Continuously evaluate Microsoft Sentinel capabilities and other relevant security tools to recommend improvements and refine detection capabilities.  Required Qualifications:  5 years of SIEM experience in Splunk, Qradar, Microsoft, and comparable SIEMS Hands-on experience with other SIEM platforms (Splunk, IBM QRadar, Microsoft Sentinel, etc.) and integrating them with endpoint security tools. Strong understanding of cybersecurity principles, threat detection, and SIEM management. Experience working with Sentinel One Core EDR technology Proficiency in scripting and automation (Python, PowerShell, etc.). Experience with cloud security (AWS, Azure, GCP) and cloud-native SIEM solutions is a plus. Bachelor’s degree in computer science, Information Security, or a related field (or equivalent experience).  Preferred Qualifications:  5 years of experience in cybersecurity in a SOC or security engineering capacity.Proven hands-on expertise with Microsoft Sentinel and Microsoft Defender suite.Deep knowledge of Kusto Query Language (KQL) and building custom analytics rules and workbooks in Sentinel.Strong experience in customer-facing roles.Experience with incident response, threat detection, and threat hunting techniques.Strong understanding of cloud security, especially in Azure environments.Familiarity with MITRE ATT&CK, NIST, and other security frameworks.Experience integrating Sentinel with third-party solutions (e.g., threat intel feeds, ticketing systems).