Job description

What You'll Do: - Architect, deploy, and maintain Microsoft Sentinel for SIEM use cases including log ingestion, data normalization, and incident correlation. - Manage and optimize Microsoft Defender for Endpoint, Identity, Cloud, M65, and other Defender tools to maximize protection and visibility. - Develop custom queries, detection rules, workbooks, and automation playbooks to improve threat detection and response efficiency. - Lead the design and implementation of security monitoring, including data connectors, analytics rules, and incident automation. - Collaborate with threat analysts and incident response teams to triage, investigate,and respond to security alerts and incidents. - Provide technical guidance in security best practices, incident response procedures, and threat hunting using Microsoft security tools. - Continuously assess the security landscape and recommend improvements to policies, tools, and configurations. - In addition to strong technical acumen, the ideal candidate will bring excellent communication and client-facing skills to collaborate directly with customers, understand their security needs, and deliver tailored solutions that align with their risk posture and compliance requirements. What You've Done: - 10 years of SIEM experience in Splunk, Qradar, Microsoft, and comparable SIEMS • Hands-on experience with other SIEM platforms (Splunk, IBM QRadar, Microsoft Sentinel, etc.) and integrating them with endpoint security tools. - Strong understanding of cybersecurity principles, threat detection, and SIEM management. - Experience working with Sentinel One Core EDR technology • Proficiency in scripting and automation (Python, PowerShell, etc.). - Experience with cloud security (AWS, Azure, GCP) and cloud-native SIEM solutions is a plus. - Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience). - 10+ years of experience in cybersecurity in a SOC or security engineering capacity. - Proven hands-on expertise with Microsoft Sentinel and Microsoft Defender suite. - Deep knowledge of Kusto Query Language (KQL) and building custom analytics rules and workbooks in Sentinel. - Strong experience in customer-facing roles. - Experience with incident response, threat detection, and threat hunting techniques. - Strong understanding of cloud security, especially in Azure environments. - Familiarity with MITRE ATT&CK, NIST, and other security frameworks. - Experience integrating Sentinel with third-party solutions (e.g., threat intel feeds, ticketing systems). What We Offer: - 401(k), including an employer match of 100% of the first 3% contributed and 50% of the next 2% contributed - Medical, Dental, and Vision Insurance (available on the 1st day of the month following your first day of employment) - Group Term Life, Short-Term Disability, Long-Term Disability - Voluntary Life, Hospital Indemnity, Accident, and/or Critical Illness - Participation in the Discretionary Time Off (DTO) Program - 11 Paid Holidays Annually

Requirements