The Microsoft Sentinel Security Engineer will design, implement, and manage Microsoft Sentinel and related security tools, monitor and respond to internal and external threats, support security operations and risk management processes, and serve as the subject matter expert to enhance the organization’s overall cybersecurity posture.
Role Description:
• This position involves enhancing the information security management framework, supporting the vendor risk management process, and monitoring external threats
• Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action
• Monitor and evaluate logs from internal systems, including the SIEM and related security applications
• Manage, upgrade, and maintain servers and applications
• Configure alerts to trigger automated responses or notifications based on predefined criteria
• Work with third parties to investigate incidents and alerts in the Security Information and Event Management (SIEM) system
• Act as the subject matter expert on Sentinel-related services
• Manage Sentinel in a manner that balances cost, capabilities, and risks
• Develop data ingestion strategies; add and maintain log sources
• Design and implement data normalization and transformation processes for consistent and accurate analysis
• Develop and maintain workbooks, playbooks, analytics rules, and Kusto Query Language (KQL) queries within Microsoft Sentinel
• Create visualizations of data (frequency of attacks, etc.)
• Track, manage, and follow up on existing security issues
• Train the Security Operations Center (SOC) team on the use of Microsoft Sentinel
• Participate in security exercises
• Work with the overall security department to continually improve the security program
• Create documentation; perform periodic reviews of security processes
Required Qualifications & Education:
• BS/BA degree in Cybersecurity or Information Technology from a U.S. accredited college, university, or institution
• 3+ years of experience working in any of the following fields: insider threat; law enforcement; intelligence (collection, targeting, or analysis); counterintelligence; corporate security; and investigations
• CISSP, GIAC, CEH, Security+, Network+, or equivalent certification(s)
• Experience with Microsoft security tools (e.g. Sentinel), either as part of or independent of the Microsoft Azure offering
• Additional experience and critical knowledge preferred with the following tools: Qualys, CrowdStrike, Cloudflare, CyberArk, SolarWinds
Clearance and Location Requirements:
• Able to be cleared for a Public Trust clearance
• This position requires being onsite 3 days per week in Washington, DC