Lead Platform Engineer


Job Location:

Kuala Lumpur - Malaysia

Monthly Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

Key Responsibilities

  • Lead threat-informed detection engineering by translating Red Team and adversary simulation insights into actionable detection improvements and enhancements
  • Design, develop and maintain SIEM detection use cases, including defining telemetry requirements, mapping detections to the MITRE ATT&CK framework, validating log sources and implementing enrichments aligned with ASIM standards where applicable
  • Conduct post-engagement detection gap analysis, prioritize improvements and manage a structured detection backlog to continuously enhance detection coverage and effectiveness
  • Ensure each detection improvement includes refined detection logic (KQL), entity mapping, suppression tuning, updated triage guidance, analyst documentation and re-validation with Red Team exercises
  • Manage the full lifecycle of detection use cases, including design, development, testing, deployment, optimization and retirement, ensuring alignment with security objectives and operational efficiency
  • Develop and optimize KQL-based detection logic, incorporating contextual enrichment such as watchlists, UEBA signals and other relevant telemetry to improve detection accuracy
  • Implement testing and validation processes, including lab testing, adversarial simulations and quality checks, to maintain acceptable true positive and false positive rates and ensure optimal query performance
  • Manage deployment and release processes, including CI/CD pipelines, approval workflows, release documentation and rollback planning for SIEM detection content
  • Collaborate closely with Red Team, SOC analysts and engineering teams to ensure detection improvements are validated, measurable and continuously refined based on operational feedback
  • Maintain a structured pipeline for Red Team findings, converting them into detection engineering tasks and ensuring measurable improvements in coverage, detection efficacy and remediation timelines
  • Lead enhancements of security automation and orchestration playbooks using Microsoft Logic Apps, improving enrichment workflows, notifications, ticketing integrations and automated containment actions
  • Ensure automation playbooks include robust error handling, retry logic, timeout controls, monitoring and secure credential management using managed identities and key vault practices
  • Oversee platform ownership and operational management of Microsoft Sentinel, including connectors, DCR/AMA configurations, ASIM parsers, watchlists, workbooks and content hub solutions
  • Manage SIEM platform governance, including RBAC policies, API permissions, service principals, CI/CD promotion controls and adherence to least-privilege principles
  • Monitor and improve data quality and telemetry health, identifying missing log sources, parsing failures, schema drift, time synchronization issues and abnormal data volume patterns
  • Optimize data ingestion, storage, retention policies and cost controls within the SIEM platform through query tuning, workspace optimization and appropriate data tiering strategies
  • Maintain governance and auditability standards, including documented change records, approval trails, testing evidence and version control for detection and automation content
  • Produce security coverage and performance reports, including metrics mapped to ATT&CK techniques, asset classes and control families, as well as measurable improvements resulting from Red Team collaboration

Person Specifications

  • 6-10 years in SIEM engineering/detection engineering (Sentinel preferred)
  • Deep hands-on experience with Microsoft Sentinel: KQL, ASIM, Logic Apps, Content Hub, Watchlists, Workbooks
  • Proven experience partnering with Red Team/Pentesters and running Purple Team validations
  • Ability to translate attacker TTPs into telemetry requirements and high-fidelity detections
  • Skilled with CI/CD for SIEM (Git, Azure DevOps), Detection-as-Code and environment promotion
  • Strong grasp of cloud identity & auth (Entra ID/OAuth/SAML/Kerberos), network protocols and Windows/Linux telemetry
  • Scripting for automation (PowerShell/Python), API integrations and data normalization

Nice To Have

  • Experience with M365 Defender and its bi-directional integrations with Sentinel
  • Familiarity with Fusion/UEBA ML anomalies and custom parsers (KQL functions)
  • Cost engineering for Sentinel (table strategy: Basic vs Analytics, archive/search)


Key Skills

  • Administrative Skills
  • Facilities Management
  • Biotechnology
  • Creative Production
  • Design And Estimation
  • Architecture