Cyber Ops Engineer (Sentinel SME)
St. Petersburg, FL - USA
Job Summary (MS Sentinel Engineer/SME)
- Serve as a subject matter expert (SME) in Microsoft Sentinel (Azure SIEM) within a FedRAMP environment.
- Lead and escalate complex and high-severity security incidents in a Security Operations Center (SOC) at a senior/principal level.
- Design, implement, and optimize analytics rules and detections, ensuring high-fidelity threat detection and response.
- Perform log parsing, normalization, and data quality management to enhance detection capabilities.
- Manage and optimize SIEM performance, reducing false positives/noise and improving detection accuracy.
- Develop, implement, and tune detections aligned with MITRE ATT&CK and other threat frameworks.
- Utilize automation and orchestration tools including Sentinel playbooks and Logic Apps to streamline response processes.
- Conduct advanced threat hunting and large-scale data analysis using KQL (Kusto Query Language).
- Integrate and manage a wide range of security tools (NGFW, IDS/IPS, EDR, AV, MS Defender Suite, cloud security tools, etc.).
- Apply broad knowledge of cloud and enterprise security technologies, identity security (Entra ID), and cloud-native controls.
- Lead incident response activities including root cause analysis (RCA) and continual improvement of detection/response processes.
- Mentor and guide SOC analysts, contributing to operational maturity and team development.
- Engage and influence technical and non-technical stakeholders with strong communication skills.
- Maintain up-to-date knowledge of evolving threats, technologies, and best practices.
- Preferred: Relevant certifications (SC-200, AZ-500, CySA).
- 5 years of experience in SOC, incident response, and Azure cloud security.
- Remote position; no visa sponsorship; background/drug check not required.