As a Microsoft Sentinel SME, you will be primarily responsible for the development, maintenance, and enforcement of the Microsoft Sentinel (formerly Azure Sentinel) platform. You will work with our customers to understand and support how Microsoft Sentinel is used to provide security across Azure and Microsoft 365. You will also act as an escalation point whose technical judgement the Security Operations Center can consult and rely on.
Key responsibilities:
Support and manage production cyber security incidents in a Managed Services/Operations setting.
Hands-on design and configuration of the Microsoft Defender and Microsoft Sentinel product suites.
Support the evolution and implementation of AI to automate investigation and response.
Support the team in providing cybersecurity expertise.
Develop and maintain Sentinel queries (KQL) and playbooks.
Perform security analyst operations within Microsoft Sentinel, including incident response and remediation of any related issues.
Drive strategic and complex projects with many critical dependencies.
Drive the development of cybersecurity decoy (deception) systems, built with Microsoft tools, to lure attackers away from production assets.
Manage Endpoint Detection and Response (EDR) support and administration.
Your Profile
Key skills/knowledge/experience:
A relevant track record in cybersecurity.
Strong proficiency in Microsoft Sentinel and Microsoft Defender (implementation, administration, and troubleshooting).
Overall knowledge of Microsoft Security products.
Experience in threat detection and analysis.
Knowledge of Azure cloud services and Azure Log Analytics.
Experience and knowledge of Security Information and Event Management (SIEM).
Experience and knowledge of PowerShell and/or KQL (Kusto Query Language).
Demonstrated ability to organise teams toward a common objective.
Ability to take ownership of delivery assignments and work in a team to accomplish joint goals.
Security Operations Center analyst background.
Flexibility as the role may require some occasional travel.
Good to have:
Microsoft Certified: Azure Security Engineer Associate and Microsoft Certified: Security Operations Analyst Associate certifications.
Multi-factor authentication (MFA) and RMS (Azure Rights Management).
Microsoft Information Protection/Azure Information Protection.
Privileged Identity Management.
Other cloud certifications.
Cybersecurity certifications.