Key skills
AzureCloudCyber SecurityFirewallsLinuxPythonTCP/IPPowerShellAnalyticsLogic AppsAzure ADEntra IDChange Management
About this role
Role Overview
- Support intake process including coverage for Eastern Standard Time business hours
- Administer and maintain Microsoft Sentinel and Defender XDR environments across managed clients
- Perform health monitoring of:
- Log ingestion pipelines
- Data connector status
- Automation guides
- Analytics rule performance
- Monitor ingestion volumes and support cost optimization projects
- Help with tenant standardisation across multi-client MSSP environments
- Onboard new data sources into Microsoft Sentinel following established SOPs:
- Validate connectivity
- Confirm correct parsing and schema normalisation
- Ensure events are visible and queryable in Log Analytics
- Integrate Microsoft Defender data sources:
- Defender for Endpoint
- Defender for Identity
- Defender for 365
- Defender for Cloud Apps
- Validate data integrity and entity mapping
- Troubleshoot ingestion or connector issues across Azure and third-party integrations
- Develop analytics rules (Scheduled, NRT, Fusion)
- Create and tune detection logic using KQL
- Reduce false positives through structured tuning and rule refinement
- Map detections to MITRE ATT&CK framework
- Improve alert fidelity and correlation between Defender XDR and Sentinel
- Maintain dashboards, workbooks, and reporting artefacts
- Help build reusable hunting and detection libraries
- Monitor Sentinel and Defender XDR alerts
- Perform Tier 2 evaluation and investigation of escalated alerts
- Provide clear documentation and escalation to MDR/SOC teams
- Support cause investigations for platform or telemetry issues
- Help with containment automation where applicable
- Develop Azure Logic App guides
- Automate response actions such as:
- Device isolation
- User disablement
- IP blocking
- Ticket creation
- Follow change management processes for configuration updates
- Test changes in lower environments when applicable
- Contribute to:
- Runbooks
- Standard operating procedures
- Onboarding checklists
- Detection documentation
- Document false positives and data quality issues
- Provide tuning feedback to senior engineers and architecture teams
- Stay current on Microsoft security roadmap changes
- Participate in internal training and knowledge-sharing sessions
Requirements
Education
- Diploma or Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field (or equivalent experience)
Experience
- 3–5 years of experience in IT security, SOC, or security engineering roles
- Minimum 2 years hands-on experience with Microsoft Sentinel
- Experience with Microsoft Defender XDR suite
- Experience in MSSP or customer-facing environments
- Exposure to multi-tenant environments (Azure Lighthouse)
Technical Skills
- Working knowledge of:
- Microsoft Sentinel
- Microsoft Defender XDR
- Azure Log Analytics
- Proficiency in KQL
- Understanding of:
- Windows & Linux logs
- Azure AD / Entra ID
- Networking fundamentals (TCP/IP, ports, firewalls, or proxies)
- Authentication and authorization models
- Experience with:
- Azure Logic Apps
- REST APIs
- PowerShell or Python scripting
- Understanding of MITRE ATT&CK framework
- Familiarity with MDR operational workflows
**Certifications **
- SC-200 (Microsoft Security Operations Analyst)
- AZ-500 (Azure Security Engineer)
- SC-100 (Cybersecurity Architect)
- Security+
- Relevant Microsoft Defender certifications
Soft Skills
- Document investigations and platform changes thoroughly
- Customer-focused mindset
- Balance operational and engineering responsibilities
Tech Stack
- Azure
- Cloud
- Cyber Security
- Firewalls
- Linux
- Python
- TCP/IP
Benefits
✔ Medical Insurance
- Employee + dependents covered ✔ Life Insurance
- Protection for what matters most ✔ Retirement Match Program
- We invest in your future ✔ Hybrid Work Model
- 2–3 days in office ✔ Maternity & Paternity Leave
- Time for the moments that matter ✔ Paid Time Off
- PTO + sick & casual leave ✔ Bereavement & Volunteer Time
- Give back to your community ✔ Professional Development
- Reimbursement program ✔ LinkedIn L&D Platform
- Thousands of courses at your fingertips ✔ Mobile Phone Reimbursement
- Stay connected, on us