
Cyber Security Analyst

Wipro

Pune, India

JD for Microsoft Sentinel L3

Hands-on knowledge of the Microsoft Azure cloud platform, with at least 9-12 years of experience.

Expert-level experience planning, designing, implementing and managing Microsoft Sentinel for enterprise customers.

Experience preparing the project plan, design document, runbook and SOPs for a Microsoft Sentinel solution.

Technical Skill Experience:

Define the SOC security architecture, ensuring that it meets the business requirements and performance goals.

Azure Sentinel Administrator, Sentinel Architect Expert: Sentinel use case build, Sentinel-based SOC and Azure Logic Apps.

How you'll make an impact

Provide SIEM support for Microsoft Sentinel Clients.


Assist with client transition and onboarding serving as a point of contact for Managed Security Service clients.

Act as a point of contact for clients as operational support of the SIEM and any related components.

This position will require responsibility for maintaining Service Level Agreements (SLA) and notification to management about potential issues.

Ability to explain and demonstrate how to use Microsoft Sentinel, to both technical and relatively non-technical personnel.

Provide client and vendor support through tickets and/or remote working sessions.

Implement, configure, and maintain the SIEM and any related Azure components.

Ability to develop, deploy and tune SIEM content such as analytics rules, workbooks, and scripts.

Responsibilities:

Sentinel Log Analytics: knowledge of architecture planning, infrastructure design and deployment.

Experience developing strategic enterprise implementations of Sentinel at large scale.

Architect and design solutions to meet functional security requirements in Azure Sentinel.

Create and review Azure Sentinel architecture and solution design artifacts.

Set up and configure Azure Sentinel, Azure Security Center, Microsoft Defender, and M365 Security.

Should have expertise in integrating data sources that Sentinel does not support out of the box (OOB). Custom parser development and the ability to solve technical issues in Sentinel are must-have requirements.

Should be able to prepare and maintain policy and procedure documentation around SIEM technology; document life-cycle management skills are required.

Should have expertise in consuming content from the Content hub and managing Log Analytics workspaces, and the ability to handle issues with the MMA and AMA agents.

Should have a proven record of implementing Sentinel advanced features, efficient log collection mechanisms, deployment and maintenance of log forwarders, and maintenance of local agents.

Should have a proven record of participation in customer or client reviews or global certifications regarding security controls in SIEM. An understanding of compliance and regulatory requirements is good to have.

Good to have: strong knowledge of Microsoft Sentinel pricing, Microsoft Defender products, Microsoft Cloud services and Azure Arc.

Should be able to work with stakeholders to solve technical issues and to support and deliver complex business, security, and operational requirements.

Should be able to work with the vendor technical support group and drive issues towards effective and permanent closure.

Drive strategic and complex projects with critical dependencies.

Strong understanding of Azure security services, including Azure Security Center, Azure Sentinel, Azure Active Directory, Azure Firewall, Azure Virtual Networks, and Azure Key Vault.

Configure and customize Microsoft Defender ATP, M365 ATP, or Azure Cloud App Security.

Ability to migrate workloads to the cloud and optimize resource costs.

Should have expertise in building and tuning custom analytics rules, building automation through Azure Logic Apps, managing the entire product feature set, and end-to-end configuration.

Should have expertise in writing KQL queries and functions for complex detection and monitoring requirements.

Should have strong knowledge of the MITRE ATT&CK framework and expertise in developing analytics rules and custom dashboards/workbooks across the framework.

Experience in log management, log retention, low-cost log maintenance, access management, and developing new custom dashboards based on different requirements.

Knowledge of security frameworks such as ISO/IEC 27001, NIST 800-53, OWASP, ISM.

Azure certifications: Sentinel Ninja Level 400, AZ500, SC200, SC100 & MS500
Microsoft Threat Protection

Client-provided location(s): Pune, Maharashtra, India
Job ID: Wipro-3100896
Employment Type: Full Time