Senior Security Engineer, Managed Microsoft Sentinel

Cyderes


Job Location:

Bengaluru - India

Monthly Salary: Not Disclosed
Posted on: 30+ days ago
Vacancies: 1 Vacancy

Job Summary

Great Place to Work Certified: United States, Canada, United Kingdom, India

About the Job:

The Senior Security Engineer, Microsoft Sentinel & Defender XDR, is a senior technical authority within Cyderes' Managed Sentinel SIEM and MDR services. You will manage and contribute to advancing detection platform reliability and security automation for managed clients.

Beyond daily platform operations, the Senior Security Engineer leads advanced detection engineering, optimization and standardisation efforts and serves as an escalation point for complex ingestion, telemetry and investigation challenges. This role partners with MDR, SOC, architecture and customer team members to ensure Microsoft Sentinel and Defender XDR implementations are cost-effective and informed by real-world threat activity.

As a trusted technical advisor, you influence platform strategy, mentor junior engineers and help shape service evolution by identifying gaps, improving alert fidelity and ensuring scalable automation. You will represent the Cyderes brand through technical leadership and delivery excellence that meets client expectations.

You will report to the Senior Manager, Managed Platforms.

Responsibilities:

Security Platform Engineering & Administration

  • Be a subject matter expert (SME) for Microsoft Sentinel and Microsoft Defender XDR across managed clients
  • Lead the intake process and platform readiness during Eastern Standard Time business hours
  • Lead administration and lifecycle management of:
    o Microsoft Sentinel
    o Microsoft Defender XDR suite
  • Oversee and improve platform health monitoring, including:
    o Log ingestion pipelines and data normalisation
    o Data connector stability and performance
    o Automation strategies and SOAR workflows
    o Analytics rule efficiency and alert reliability
  • Analyse ingestion trends and lead cost optimization strategies across multi-tenant environments
  • Guide tenant standardisation, configuration baselines and best practices across MSSP deployments
  • Be an escalation point for complex platform or telemetry issues

Log Source Onboarding & Integration

  • Onboard new data sources into Microsoft Sentinel following established SOPs:
    o Validate connectivity
    o Confirm correct parsing and schema normalisation
    o Ensure events are visible and queryable in Log Analytics
  • Integrate Microsoft Defender data sources:
    o Defender for Endpoint
    o Defender for Identity
    o Defender for Cloud Apps
  • Validate data integrity and entity mapping
  • Troubleshoot ingestion or connector issues across Azure and third-party integrations
  • Lead onboarding of new and complex data sources into Microsoft Sentinel
  • Design and evolve standard operating procedures (SOPs) for data onboarding
  • Ensure:
    o Reliable connectivity
    o Accurate parsing and schema normalisation
    o Entity mapping and enrichment
    o End-to-end data visibility in Log Analytics
  • Manage integration strategy for Microsoft Defender data sources:
    o Defender for Endpoint
    o Defender for Identity
    o Defender for Cloud Apps
  • Troubleshoot and resolve advanced ingestion, schema or connector issues across Azure and third-party platforms
  • Advise on architectural decisions related to telemetry quality and coverage

Detection Engineering & Use Case Development

  • Design advanced analytics rules, including:
    o Scheduled
    o Near-Real-Time (NRT)
    o Fusion and correlation-based detections
  • Lead development and optimization of complex KQL-based detection logic
  • Oversee false-positive reduction projects through structured tuning, suppression and enrichment
  • Ensure MITRE ATT&CK mapping and detection coverage analysis
  • Improve cross-platform correlation between Microsoft Defender XDR and Sentinel
  • Design:
    o Workbooks and dashboards for operational and executive visibility
    o Reusable detection and threat hunting libraries
  • Review and provide feedback on detection logic authored by junior engineers

Automation & SOAR Engineering

  • Architect and maintain advanced Azure Logic App strategies
  • Design end-to-end automation for:
    o Device isolation
    o Account disablement or remediation
    o IP and domain blocking
    o Case and ticket orchestration
  • Integrate REST APIs and external systems where required
  • Enforce change management and version control standards
  • Validate automation through testing in non-production environments
  • Identify opportunities to reduce analyst workload through automation

Leadership, Documentation & Continuous Improvement

  • Be a technical mentor to Security Engineer I/II team members
  • Lead or contribute to:
    o Runbooks
    o SOPs
    o Detection documentation
    o Platform onboarding standards
  • Document complex investigations, detection logic and platform decisions
  • Provide strategic tuning and architecture feedback to senior engineering and security leadership
  • Stay current with Microsoft security roadmap changes and new threat trends
  • Participate in internal training sessions and contribute to knowledge-sharing projects

Requirements

Education

  • Bachelor's degree in Computer Science, Cybersecurity, Information Technology or related field (or equivalent

Experience

  • 5-8 years of experience in security engineering, SOC or security operations roles
  • 3 years of hands-on experience with Microsoft Sentinel
  • Deep experience with the Microsoft Defender XDR suite
  • Experience operating in MSSP or customer-facing environments
  • Hands-on exposure to multi-tenant security operations (Azure Lighthouse)
  • Demonstrated experience leading security engineering projects

Technical Skills

  • Working knowledge of:
    o Microsoft Sentinel
    o Microsoft Defender XDR
    o Azure Log Analytics
  • Advanced proficiency in KQL
  • Experience with:
    o Windows & Linux logs
    o Azure AD / Entra ID
    o Networking fundamentals (TCP/IP, ports, firewalls or proxies)
    o Authentication and authorization models
  • Hands-on experience with:
    o Azure Logic Apps
    o REST APIs
    o PowerShell or Python scripting
  • Experience with the MITRE ATT&CK framework
  • Familiarity with MDR and SOC operational workflows
  • Ability to translate security telemetry into applicable detections

Certifications

  • SC-200 (Microsoft Security Operations Analyst)
  • AZ-500 (Azure Security Engineer)
  • SC-100 (Cybersecurity Architect)
  • CompTIA Security+
  • Relevant Microsoft Defender certifications

Soft Skills

  • Ability to document investigations and platform changes thoroughly
  • Customer-focused mindset and risk-driven approach
  • Comfortable balancing hands-on engineering with strategic ownership

#LI-Hybrid

This is a hybrid remote/in-office role.


WHY CYDERES

Benefits that go beyond the basics: we support our people so they can do their best work.

  • Medical Insurance - Employee and dependents covered
  • Life Insurance - Protection for what matters most
  • Retirement Match Program - We invest in your future
  • Hybrid Work Model - 2-3 days in office
  • Maternity & Paternity Leave - Time for the moments that matter
  • Paid Time Off - PTO, sick & casual leave
  • Bereavement & Volunteer Time - Give back to your community
  • Professional Development - Reimbursement program
  • LinkedIn L&D Platform - Thousands of courses at your fingertips
  • Mobile Phone Reimbursement - Stay connected on us

Cyderes is an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to race, religion, color, sex, age, disability, sexual orientation, genetic information, national origin or veteran status.

Note: This job posting is intended for direct applicants only. We request that outside recruiters do not contact us regarding this position.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

Required Experience:

Senior IC

We Help the World Be Everyday Ready. Today's threatscape is relentless. So are we. At Cyderes we build practical Identity & Access Management (IAM), Exposure Management and risk programs, helping organizations stop active threats fast with Managed Detection & Response (MDR) that integrates with existing tool...

About Company


Cyderes offers tech-enabled managed security services for real-time risk and compliance management in modern enterprises.
