Senior Security Engineer, Managed Microsoft Sentinel

Cyderes


Job Location: Bengaluru - India

Monthly Salary: Not Disclosed
Posted on: 20 hours ago
Vacancies: 1 Vacancy

Job Summary

We help the world Be Everyday Ready
Today's threatscape is relentless. So is Cyderes: we specialize in building practical IAM, exposure management and risk programs, and in stopping active threats fast with MDR that works with your existing security tools, all augmented by AI and driven by seasoned operators. Our tireless global team is laser-focused on cybersecurity, arming organizations with the people, platforms and perspectives they need to conquer whatever tomorrow throws their way.

About the Job:

The Senior Security Engineer, Microsoft Sentinel & Defender XDR is a senior technical authority within Cyderes Managed Sentinel SIEM and MDR services. This role owns complex security engineering initiatives across multi-tenant Microsoft environments and plays a key role in advancing detection maturity, platform reliability and security automation for managed clients.

Beyond day-to-day platform operations, the Senior Security Engineer leads advanced detection engineering, drives optimization and standardization efforts, and serves as an escalation point for complex ingestion, telemetry and investigation challenges. This role partners closely with MDR, SOC, architecture and customer stakeholders to ensure Microsoft Sentinel and Defender XDR implementations are resilient, cost-effective and aligned to real-world threat activity.

As a trusted technical advisor, you influence platform strategy, mentor junior engineers and help shape service evolution by identifying gaps, improving alert fidelity and enabling scalable automation. You will consistently represent the Cyderes brand through strong technical leadership, clear communication and delivery excellence that meets or exceeds client expectations.

Responsibilities:

Security Platform Engineering & Administration

Serve as a subject matter expert (SME) for Microsoft Sentinel and Microsoft Defender XDR across managed clients

Own the intake process and platform readiness during Eastern Standard Time business hours as required

Lead administration and lifecycle management of:

  • Microsoft Sentinel
  • Microsoft Defender XDR suite

Oversee and continuously improve platform health monitoring including:

  • Log ingestion pipelines and data normalization
  • Data connector stability and performance
  • Automation playbooks and SOAR workflows
  • Analytics rule efficiency and alert reliability

Analyze ingestion trends and lead cost optimization strategies across multi-tenant environments

Drive tenant standardization, configuration baselines and best practices across MSSP deployments

Act as an escalation point for complex platform or telemetry issues


Log Source Onboarding & Integration

Lead onboarding of new and complex data sources into Microsoft Sentinel, following and evolving the established standard operating procedures (SOPs) for data onboarding, and ensure:

  • Reliable connectivity
  • Accurate parsing and schema normalization
  • Strong entity mapping and enrichment
  • End-to-end data visibility in Log Analytics (events are visible and queryable)

Own integration strategy for Microsoft Defender data sources:

  • Defender for Endpoint
  • Defender for Identity
  • Defender for Office 365
  • Defender for Cloud Apps

Validate data integrity and entity mapping

Troubleshoot and resolve advanced ingestion, schema or connector issues across Azure and third-party platforms

Advise on architectural decisions related to telemetry quality and coverage
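The connectivity, parsing and visibility checks in the onboarding SOP above can be expressed as Log Analytics queries instead of eyeballing the connector page. The two KQL queries below (run separately) are an added illustration, not Cyderes' SOP or tooling; the list of expected tables, the 2-hour staleness window, the 1% parsing-failure threshold and the use of CommonSecurityLog as the sample feed are assumptions chosen for the example.

```kql
// Added example: ingestion health check for newly onboarded tables.
// Assumption: the tables below are the connector destinations being validated.
let expectedTables = datatable(DataType:string)
    ["SecurityEvent", "Syslog", "CommonSecurityLog", "DeviceEvents"];
let staleAfter = 2h;   // assumed SLO: no billable data for 2h means the connector needs attention
let ingested = Usage
    | where TimeGenerated > ago(24h) and IsBillable == true
    | summarize IngestedMB = round(sum(Quantity), 1), LastSeen = max(TimeGenerated) by DataType;
expectedTables
| join kind=leftouter ingested on DataType
| extend Status = case(isnull(LastSeen), "MISSING",          // connector never delivered data
                       LastSeen < ago(staleAfter), "STALE",  // delivered earlier, then stopped
                       "OK")
| project DataType, Status, IngestedMB, LastSeen
| order by Status asc

// Added example: parsing check for a CEF/Syslog feed landing in CommonSecurityLog.
// Events missing the fields the CEF parser should populate usually mean a malformed
// header or a sender that is not actually emitting CEF; the 1% threshold is assumed.
CommonSecurityLog
| where TimeGenerated > ago(24h)
| summarize Total = count(),
            Unparsed = countif(isempty(DeviceVendor) or isempty(DeviceProduct) or isempty(Activity))
            by DeviceAddress, Computer
| extend UnparsedPct = round(100.0 * Unparsed / Total, 2)
| where UnparsedPct > 1.0
| order by UnparsedPct desc
```

The Usage table is aggregated hourly, so LastSeen is only hour-accurate; a staleness window shorter than about two hours will produce false STALE results. A table that reports OK here but whose rows fail the parsing query is "connected" without being queryable in any useful sense, which is why both checks belong in the SOP.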


Detection Engineering & Use Case Development

Design, develop and maintain advanced analytics rules, including:

  • Scheduled
  • Near-Real-Time (NRT)
  • Fusion and correlation-based detections

Lead development and optimization of complex KQL-based detection logic

Own false-positive reduction initiatives through structured tuning, suppression and enrichment

Ensure high-quality MITRE ATT&CK mapping and detection coverage analysis

Improve cross-platform correlation between Microsoft Defender XDR and Sentinel

Design and maintain:

  • Workbooks and dashboards for operational and executive visibility
  • Reusable detection and threat hunting libraries

Review and provide feedback on detection logic authored by junior engineers
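To make the detection-engineering bullets concrete, here is the body of a scheduled analytics rule of the kind described above: a credential-access detection with the suppression and entity-mapping hooks that tuning and investigation depend on. It is an added example written for this page, not a rule from Cyderes' detection library; the failure threshold, the allow-listed address range and the 1h frequency/lookback are illustrative values to be tuned per tenant.

```kql
// Added example: scheduled rule body for "burst of failed sign-ins from one IP, then a success".
// MITRE ATT&CK: Credential Access, T1110 (Brute Force). Suggested schedule: every 1h, 1h lookback.
// Assumptions: failThreshold and allowedRanges are placeholder values, not tenant-specific data.
let lookback = 1h;
let failThreshold = 10;
let allowedRanges = dynamic(["203.0.113.0/24"]);   // assumed corporate egress range (suppression list)
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"                         // Entra ID sign-in ResultType "0" = success
    | where isnotempty(IPAddress)
    // ipv4_is_in_any_range() returns null for IPv6; coalesce so IPv6 sources are kept, not dropped
    | where coalesce(ipv4_is_in_any_range(IPAddress, allowedRanges), false) == false
    | summarize FailedCount = count(),
                TargetedUsers = dcount(UserPrincipalName),
                FirstFail = min(TimeGenerated),
                LastFail = max(TimeGenerated)
                by IPAddress
    | where FailedCount >= failThreshold;
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType == "0"
| project SuccessTime = TimeGenerated, UserPrincipalName, IPAddress, AppDisplayName, UserAgent
| join kind=inner failures on IPAddress
| where SuccessTime > FirstFail                       // the success came after the failure burst began
// Entity mapping in the rule definition: Account -> UserPrincipalName, IP -> IPAddress
| project SuccessTime, UserPrincipalName, IPAddress, AppDisplayName, UserAgent,
          FailedCount, TargetedUsers, FirstFail, LastFail
```

Three design points matter for a managed, multi-tenant deployment: the suppression list is a `let` at the top so it can be swapped for a per-tenant watchlist without touching the logic; the query projects the exact columns the rule's entity mapping references, so incidents open with the account and IP already populated; and TargetedUsers distinguishes a spray (many users, few attempts each) from a brute force against one account, which affects both severity and the ATT&CK sub-technique you tag.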


Automation & SOAR Engineering

Architect, develop and maintain advanced Azure Logic App playbooks

Design end-to-end automation for:

  • Device isolation
  • Account disablement or remediation
  • IP and domain blocking
  • Case and ticket orchestration

Integrate REST APIs and external systems where required

Enforce change management and version control standards

Validate automation through testing in non-production environments

Continuously identify opportunities to reduce analyst workload through automation

Leadership, Documentation & Continuous Improvement

Serve as a technical mentor to Security Engineer I/II team members

Lead or contribute to:

  • Runbooks
  • SOPs
  • Detection documentation
  • Platform onboarding standards

Document complex investigations, detection logic and platform decisions

Provide strategic tuning and architecture feedback to senior engineering and security leadership

Stay current with Microsoft security roadmap changes and emerging threat trends

Participate in internal training sessions and contribute to knowledge-sharing initiatives

Requirements

Education / Experience

Bachelor's degree in Computer Science, Cybersecurity, Information Technology or related field (or equivalent


Experience

5-8 years of experience in security engineering, SOC or security operations roles

Minimum 3-4 years hands-on experience with Microsoft Sentinel

Deep experience with the Microsoft Defender XDR suite

Proven experience operating in MSSP or customer-facing environments

Hands-on exposure to multi-tenant security operations (Azure Lighthouse strongly preferred)

Demonstrated experience leading or owning security engineering initiatives


Technical Skills

Strong working knowledge of:

  • Microsoft Sentinel
  • Microsoft Defender XDR
  • Azure Log Analytics
  • Advanced proficiency in KQL

Strong understanding of:

  • Windows & Linux logs
  • Azure AD / Entra ID
  • Networking fundamentals (TCP/IP, ports, firewalls, proxies)
  • Authentication & authorization models

Hands-on experience with:

  • Azure Logic Apps
  • REST APIs
  • PowerShell or Python scripting

Strong understanding of the MITRE ATT&CK framework

Familiarity with MDR and SOC operational workflows

Ability to translate security telemetry into actionable detections


Certifications (Preferred)

SC-200 (Microsoft Security Operations Analyst)

AZ-500 (Azure Security Engineer)

SC-100 (Cybersecurity Architect)

CompTIA Security+

Relevant Microsoft Defender certifications


Soft Skills

Strong analytical and problem-solving skills

Clear written and verbal communication

Ability to document investigations and platform changes thoroughly

Customer-focused mindset and risk-driven approach

Comfortable balancing hands-on engineering with strategic ownership

Ability to lead through influence rather than authority

#LI-Hybrid


WHY CYDERES

Benefits that go beyond the basics we support our people so they can do their best work.

Medical Insurance - Employee and dependents covered

Life Insurance - Protection for what matters most

Retirement Match Program - We invest in your future

Hybrid Work Model - 2-3 days in office

Maternity & Paternity Leave - Time for the moments that matter

Paid Time Off - PTO, sick & casual leave

Bereavement & Volunteer Time - Give back to your community

Professional Development - Reimbursement program

LinkedIn L&D Platform - Thousands of courses at your fingertips

Mobile Phone Reimbursement - Stay connected on us

Cyderes is an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to race, religion, color, sex, age, disability, sexual orientation, genetic information, national origin or veteran status.
Note: This job posting is intended for direct applicants only. We request that outside recruiters do not contact us regarding this position.
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

Required Experience:

Senior IC


About Company


Cyderes offers tech-enabled managed security services for real-time risk and compliance management in modern enterprises.
