Job Title: Microsoft Sentinel Engineer
Hybrid
SC Clearance required*
Job Overview
We are looking for a Microsoft Sentinel Engineer to deploy, configure, and manage one of our client's Sentinel instances while improving security monitoring, threat detection, and incident response across our Azure and Microsoft 365 environments. This role will involve collaborating with various teams to align Sentinel operations with our wider security roadmap.
Key Responsibilities:
* Configure and manage Microsoft Sentinel, ensuring integration with Azure and M365 services.
* Collaborate to design, develop, and optimise Sentinel analytics rules, workbooks, and automation playbooks.
* Develop and mature threat detection and monitoring based on Azure/M365 logs.
* Lead incident response efforts triggered by Sentinel alerts and automate responses using Logic Apps.
* Continuously optimise Sentinel’s connected Log Analytics Workspace for health and cost efficiency.
* Identify threat vectors and reduce security risks across our cloud environments.
* Use Kusto Query Language (KQL) for advanced query writing and incident analysis.
* Apply XDR, EDR, IDS/IPS, and SOAR tooling to enhance threat management.
* Secure environments across multiple cloud providers.
Required Skills and Experience:
* Expertise in Microsoft Sentinel architecture, deployment, and configuration.
* Proficiency in Kusto Query Language (KQL) for custom log queries and analytics rules.
* Experience working with Azure cloud security services (Azure Active Directory, Microsoft Defender, etc.).
* Experience securing multi-cloud environments.
* Familiarity with security products like XDR, EDR, IDS/IPS, and SOAR.
* Strong understanding of risk assessment, management methods, and regulatory compliance (GDPR, NIST, ISO 27001).