Job Summary
We are seeking a Senior Microsoft Sentinel Engineer with strong hands-on experience in deploying, configuring, and managing SIEM solutions using Microsoft Sentinel.
The ideal candidate will be responsible for end-to-end Sentinel implementation, including log onboarding, detection rules, dashboards, automation, and ongoing optimization. This role is suitable for a senior engineer who has worked in real production SOC environments and can independently lead Sentinel deployments.
Key Responsibilities
- Design, deploy, and manage Microsoft Sentinel environments
- Onboard log sources from:
  - Azure services
  - Microsoft Defender solutions
  - On-premises servers, firewalls, and security tools
- Configure and fine-tune:
  - Analytics rules
  - Alerts and incidents
  - Workbooks and dashboards
- Implement automation and response workflows using Logic Apps
- Reduce false positives and optimize alert quality
- Support SOC teams with investigation and threat-hunting use cases
- Troubleshoot data ingestion, connector, and performance issues
- Prepare documentation, SOPs, and operational guides
- Conduct knowledge transfer and handover sessions
- Support POC, pilot, and production rollouts
Required Skills & Experience
Mandatory Skills
- Strong hands-on experience with Microsoft Sentinel (SIEM)
- Experience onboarding logs using:
  - Built-in connectors
  - Syslog
  - APIs
  - Custom data connectors
- Knowledge of KQL (Kusto Query Language)
- Experience working in SOC or security monitoring environments
- Understanding of SIEM concepts such as incidents, alerts, correlation, and threat detection
Supporting Skills
- Familiarity with Microsoft Defender solutions (XDR integration)
- Experience with Azure Log Analytics
- Knowledge of Microsoft Entra ID
- Understanding of networking and security logs (firewalls, proxies, endpoints)
- Experience with Azure infrastructure basics
Preferred Qualifications
- Microsoft Security certifications (SC-200, AZ-500 or equivalent)
- Experience working with Microsoft partners or enterprise SOCs
- Knowledge of SOAR, automation, or incident response playbooks