Must Have:
1. Expert-level proficiency in Microsoft Sentinel
2. Operating in a FedRAMP environment
3. Design and implement analytics rules and detections; log parsing and normalization
JOB SUMMARY
As a Senior Cybersecurity Operations Engineer, you will play a key role in leading security operations by leveraging Microsoft Sentinel as the central platform for detection, investigation, and response. You will act as a lead for high-severity incidents, driving end-to-end triage, root cause analysis, and continuous improvement of detection capabilities. You will design and optimize detection use cases, lead proactive threat hunting initiatives, and enhance automation to improve response efficiency.
ESSENTIAL FUNCTIONS
Lead triage and response for incidents, and lead incident response efforts and coordination across technical teams during major security events
Drive root cause analysis (RCA) for critical incidents and translate findings into improvements across detection engineering, logging strategy, and response workflows
Own the log onboarding strategy and architecture for Microsoft Sentinel, ensuring comprehensive visibility across cloud, on-premises, and integrations
Lead integration of new data sources into Sentinel, including defining onboarding standards, data mapping, normalization, and validation of log quality
Identify and remediate logging gaps across the enterprise, partnering with engineering, cloud, and application teams to improve telemetry coverage
Establish and enforce best practices for log ingestion, retention, and cost optimization within Azure Sentinel
Design, develop, and continuously improve detection use cases and analytics rules, aligned to MITRE ATT&CK and the evolving threat landscape
Own SIEM tuning strategy, reducing noise while ensuring high-confidence, high-fidelity detections
Lead proactive threat hunting initiatives using KQL and integrated threat intelligence, uncovering advanced or previously undetected threats
Architect and oversee Sentinel automation (playbooks, Logic Apps) to improve response efficiency and consistency
Develop and maintain advanced dashboards, workbooks, and reporting to provide actionable security insights to stakeholders
Mentor and coach junior and mid-level SOC analysts, setting standards for investigations, KQL usage, and operational excellence
Collaborate cross-functionally with cloud, DevOps, identity, and infrastructure teams to embed security visibility and detection into system design
Own and continuously improve SOC documentation, including SOPs, playbooks, and onboarding standards for new data sources and detections
Required Skills and Knowledge
Extensive SOC experience (L3/Senior/Principal level), serving as an escalation point for complex and high-severity incidents
Expert-level proficiency in Microsoft Sentinel (Azure SIEM), with deep expertise in log ingestion, integration, data lifecycle management, and incident investigation
Strong expertise in log normalization, parsing, and data quality management, ensuring high-fidelity detections
Demonstrated ability to optimize SIEM performance, reducing noise while improving detection accuracy and coverage
Experience with automation and orchestration, including Sentinel playbooks and Logic Apps to enhance response efficiency
Deep experience in detection engineering, including designing, implementing, and tuning analytics aligned to MITRE ATT&CK
Advanced KQL expertise for large-scale data analysis, threat hunting, and detection development
Expertise in managing and utilizing a wide range of security tools, including Next Generation Firewall, IDS/IPS, EDR, AV, MS Defender Suite, Internet Proxy, other Cloud Security Tools, etc.
Strong knowledge of cloud and enterprise security technologies, including Microsoft Defender suite, identity security (Entra ID), EDR/XDR, firewalls, and cloud-native controls
Proven leadership in threat hunting and incident response, including RCA and continuous improvement of detection and response capabilities
Strong communication and stakeholder engagement skills, with the ability to influence technical and non-technical teams
Demonstrated mentorship of SOC analysts, driving operational maturity
Relevant certifications (SC-200, AZ-500, CySA+) preferred
Strong analytical and problem-solving skills, with the ability to operate effectively in a fast-paced environment
Commitment to continuous learning and staying current with evolving threats and technologies