MS Sentinel

Diverse Lynx

  • Rajasthan
  • Permanent
  • Full-time
  • 1 month ago
Exp: 5+ Years
Skill: need Sentinel implementation experience & KQL
JD:
A role involving Microsoft Sentinel typically centers around designing, implementing, and managing security monitoring solutions using this cloud-native SIEM (Security Information and Event Management) platform.
Common Responsibilities
  • Deploy and configure Microsoft Sentinel to monitor security events across cloud and on-premises environments.
  • Develop custom analytics rules and workbooks to detect threats and visualize data.
  • Create and maintain automation playbooks using Logic Apps for incident response.
  • Integrate data connectors to ingest logs from various sources (Azure, Microsoft 365, firewalls, etc.).
  • Investigate and respond to security incidents, working closely with SOC teams.
  • Continuously improve detection capabilities by staying updated on emerging threats.
Desired Skills
  • Strong knowledge of Microsoft Sentinel and other Microsoft security tools (Defender, Azure Security Center).
  • Experience with Kusto Query Language (KQL) for writing detection rules.
  • Familiarity with PowerShell or Python for automation.
  • Understanding of cybersecurity frameworks and best practices.
  • Experience with SIEM/SOAR platforms and incident response processes.
  • Microsoft Sentinel Implementation: Design, configure, and deploy Microsoft Sentinel solutions to monitor security events and incidents across the organisation and clients' networks.
  • Security Incident Detection: Develop and maintain custom security rules and queries to detect and analyse potential security threats and vulnerabilities.
  • Incident Response: Understand incident response efforts including investigating, containing, and mitigating security incidents in a timely and effective manner.
  • Custom Sentinel Development: Build custom data connectors to ingest logs from customer environments, and work with customers to understand and guide their log capture and alerting requirements, so that effective analytic rules can be built for the SOC team.
  • Security Threat Analysis: Analyse and document security events and incidents to understand their nature, impact, and root causes, and provide recommendations for improvement.
  • Automation and Orchestration: Create and maintain automation scripts for incident response and remediation processes to improve operational efficiency.
  • Collaboration: Work closely with cross-functional teams, including security analysts, network engineers, and system administrators, to enhance security posture and ensure a cohesive security strategy.
  • Continuous Improvement: Stay current with industry trends and emerging threats, recommend security enhancements, and participate in security training and knowledge sharing within the team.
  • Documentation: Maintain comprehensive documentation of security procedures, incident reports, and best practices.