Job Description
Job Summary:
We are seeking a talented Azure Sentinel (now Microsoft Sentinel) Architect with at least 5 years of cybersecurity experience, including 2 or more years with Azure Sentinel, to design, implement, and optimize our customers' Azure Sentinel-based Security Information and Event Management (SIEM) systems. As an Azure Sentinel Architect, you will be responsible for developing a comprehensive security strategy, defining architecture and policies, integrating and optimizing threat detection, and enabling advanced security monitoring to ensure our customers' digital assets remain secure from cyber threats.
You'll work collaboratively with cybersecurity engineers and analysts, IT teams, and other stakeholders to assess the security needs of our clients, configure Sentinel to address them, and continuously adapt our systems to emerging threats.
This is a hybrid role which may require travel to client locations.
Key Responsibilities:
1. Design and Implementation
Lead the design and implementation of Azure Sentinel to build a robust security monitoring and alerting system.
Architect an Azure Sentinel solution to enhance security posture through real-time threat detection, investigation, and response.
Design custom dashboards, workbooks, and automated workflows to streamline security monitoring.
2. Configuration and Optimization
Configure and fine-tune Azure Sentinel rules, connectors, and playbooks to optimize threat detection and response capabilities.
Ensure scalability and performance by optimizing Sentinel resources, data connectors, and data ingestion pipelines.
Develop policies and procedures to ensure Azure Sentinel configuration aligns with industry best practices and compliance standards.
3. Security Analysis and Threat Detection
Collaborate with security analysts to implement effective use cases and threat hunting scenarios within Azure Sentinel.
Develop and manage custom queries using KQL (Kusto Query Language) to identify potential security incidents and perform forensic analysis.
Set up, manage, and refine automated incident response playbooks for efficient response to threats and alerts.
4. Integrations and Automations
Integrate Azure Sentinel with other security tools and platforms, such as Microsoft Defender, Entra ID, and third-party security systems.
Implement SOAR (Security Orchestration, Automation, and Response) functionalities to enhance incident response times.
Ensure seamless integration with IT infrastructure and continuous monitoring across cloud, hybrid, and on-premises environments.
5. Documentation and Training
Develop comprehensive documentation for Azure Sentinel designs, configurations, playbooks, and workflows.
Provide training and guidance to security team members on Azure Sentinel's use and capabilities.
Ensure knowledge transfer and documentation of procedures for incident response, monitoring, and alert management.
6. Continuous Improvement
Regularly review and refine security policies, incident response playbooks, and Sentinel configurations based on the latest threat landscape.
Stay current with Azure Sentinel updates, new connectors, and best practices for cybersecurity and compliance.
Collaborate with IT teams to improve monitoring coverage and overall security posture.
Required Skills and Experience:
1. Experience:
Minimum 5 years of experience in cybersecurity, with at least 2 years focused on Azure Sentinel and/or Microsoft Azure Security.
Strong experience in SIEM design, implementation, and administration.
Strong problem-solving skills and analytical mindset with the ability to work under pressure.
Excellent communication skills to collaborate with both technical and non-technical stakeholders.
2. Technical Skills:
Proficiency in Kusto Query Language (KQL) for Sentinel query writing.