
SIEM Engineer

Job Description:

  • Design, deploy and optimize Microsoft Sentinel for SIEM and SOAR capabilities.
  • Develop and implement advanced detection use cases aligned with MITRE ATT&CK framework.
  • Monitor and analyze security events across endpoint, network, identity, database and DevOps environments.
  • Build and fine-tune KQL-based detection rules and threat hunting queries.
  • Identify threats such as lateral movement, command and control activity, suspicious sign-ins and data exfiltration.
  • Design and implement security policies and monitoring strategies based on business risk.
  • Integrate Microsoft Defender XDR, Azure services and third-party security tools.
  • Develop and manage SOAR playbooks using Logic Apps for automated response.
  • Implement Data Loss Prevention using Microsoft Purview and manage endpoint security via Intune.
  • Work on DevSecOps integrations including Azure DevOps, APIs and Infrastructure as Code.
  • Deploy and manage on-premises SIEM solutions such as Wazuh in hybrid environments.
  • Ensure continuous improvement of detection capabilities and security posture.
Requirements:

  • 3 to 4 years of relevant experience in SIEM or cybersecurity roles.
  • Strong hands-on experience with Microsoft Sentinel and KQL.
  • Expertise in Microsoft Defender XDR including Endpoint, Identity, O365 and Cloud.
  • Experience in SIEM implementation, detection engineering and policy design.
  • Solid understanding of network security, endpoint telemetry and cloud security.
  • Familiarity with the MITRE ATT&CK framework.
  • Experience with automation, DevOps security and API integrations.
  • Strong analytical, problem-solving and communication skills.

© 2026 Qureos. All rights reserved.