SIEM/EDR/XDR Architect with Microsoft Sentinel


Job Location: Sofia - Bulgaria
Monthly Salary: Not Disclosed
Posted on: 17 hours ago
Vacancies: 1 Vacancy

Job Summary

The world of global advisory, audit and tax compliance services for large multi-nationals is rapidly changing and heavily dependent on technology.

The KPMG Delivery Network (KDN) is a KPMG special purpose member firm offering a way for clients to leverage KPMG top talent and technology platforms through regional teams of specialists, enabling economies of scale and a new way of working that expands beyond local capability.

Together with KDN, KPMG member firms can drive the sales and delivery of global solutions at a competitive price and in a repeatable and consistent manner. As a member of KDN, you'll be a part of the KPMG family, working alongside some of our profession's most skilled practitioners on rewarding programs and initiatives that are changing the way business operates, delivering value to our clients and driving positive change in the communities we serve.

You'll be enabling KDN to accelerate new ways of working using cutting-edge technology and working together with our member firms located in nearly 150 countries to help us achieve our ambition to be the most trusted and trustworthy professional services firm.

And through your work you'll build a global network and unlock opportunities that you may not have thought possible, with access to great support, vast resources and an inclusive, supportive environment to help you reach your full potential.

Our KDN Bulgaria Cloud Services unit is focused on designing, building, securing and managing cloud native & hybrid platforms for the KPMG group of member firms, as well as providing cloud advisory and engineering services to external clients.

The security architecture leader and practitioner specializes in Sentinel and the Microsoft Defender security stack, bridging engineering and SOC operations. The person drives use-case strategy, integrates telemetry across cloud and on-prem sources, and develops KQL-based detections and automated response workflows (PowerShell/Python). Experience across Splunk and Dynatrace for cross-platform observability and security alignment is a strong nice-to-have.

Responsibilities:

  • Design, implement and own enterprise-grade SIEM/EDR/XDR architecture with a hands-on focus on Microsoft Sentinel and the broader Azure Defender / Microsoft Defender security stack, ensuring scalable ingestion, normalization, correlation and retention across cloud, hybrid and on-premises estates.
  • Advise Security Architecture, Cloud Enablement, Identity, Network and SOC leadership on detection strategy, telemetry requirements and architectural tradeoffs, translating security objectives into practical designs that measurably improve visibility, detection coverage and response outcomes.
  • Engineer high-fidelity detections and hunting capabilities using KQL, developing reusable analytic patterns, baselines, anomaly models and threat-informed correlations that map to attacker behavior (MITRE ATT&CK) and reduce false positives without sacrificing coverage.
  • Lead end-to-end integration of security telemetry sources (Azure, M365 Defender products, identity providers, endpoints, network/security devices, cloud workloads and custom logs), defining data schemas, parsing/ASIM alignment, enrichment and entity resolution to enable accurate investigations and automated response.
  • Design and implement automation and orchestration using Sentinel automation rules, playbooks and custom pipelines, leveraging PowerShell and/or Python to streamline triage, enrichment, containment actions, case management and reporting while enforcing secure secrets handling and change control.
  • Partner with SOC, Detection Engineering and Incident Response teams to develop and continuously improve use-case lifecycle management: requirements, detection build, tuning, validation, production rollout, KPI tracking and periodic control effectiveness reviews.
  • Architect resilient, cost-efficient solutions for log collection and processing, optimizing ingestion, workspace strategy, retention, archiving and query performance while maintaining compliance and auditability (data residency, RBAC and evidence preservation).
  • Provide technical leadership during major incidents as a senior escalation point, driving advanced investigation workflows, threat hunting, timeline reconstruction and containment guidance across endpoint, identity, cloud control-plane and network signals.
  • Define and maintain standards, reference architectures and engineering playbooks for SIEM/EDR/XDR, including onboarding patterns, detection coding conventions, testing frameworks and operational runbooks that ensure repeatability and high quality at scale.
  • Evaluate and integrate complementary observability and security platforms as valuable accelerators (Splunk and Dynatrace as strong nice-to-haves), ensuring cross-tool interoperability, consistent detection outcomes and unified operational reporting.
  • Continuously assess emerging Microsoft security capabilities and relevant cloud services, identifying opportunities to expand detection depth, automate response and harden architectures, driving secure-by-design adoption and measurable improvements in mean time to detect/respond.

What you bring in:

  • Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Systems, Engineering or a related technical field.
  • Relevant Microsoft and security certifications strongly preferred:
    • Microsoft SC-200 (Security Operations Analyst)
    • SC-100 (Cybersecurity Architect Expert)
    • Azure Solutions Architect (AZ-305)
    • GIAC, CISSP or equivalent senior security certifications are beneficial.
  • 8-12 years of experience in security engineering, SOC detection engineering or security architecture roles.
  • Proven experience designing and operating Microsoft Sentinel in enterprise or MSSP/MDR environments.
  • Hands-on experience with EDR/XDR platforms, preferably Microsoft Defender XDR.
  • Demonstrated experience designing detection architectures, log pipelines and SIEM operating models at scale.
  • Experience collaborating with SOC, MDR, cloud, identity and platform engineering teams.
  • Exposure to cost optimization, performance tuning and large-scale log ingestion architectures.

What we offer:

  • The chance to work in a top talent team
  • Attractive remuneration
  • Build knowledge in cutting-edge technologies
  • Opportunity for continuous training, learning and certification
  • Experience in an international and multicultural organization
  • Work on challenging projects with clients in various industries around the globe
  • Modern office environment
  • Additional health insurance
  • Life insurance
  • 50 benefits and services to choose from
  • Hybrid working policy

Required Experience:

Staff IC
