ISTARI is a global cybersecurity organization aiming to create a robust cybersecurity ecosystem. The Security Engineer will be responsible for securing enterprise endpoints and Azure cloud workloads, focusing on enhancing detection coverage and integrating telemetry into the SOC for effective threat detection and response.
Responsibilities:
- Deploy, configure, and manage Microsoft Defender for Endpoint across Windows, macOS, Linux, and Azure virtual machines
- Harden endpoint protection by transitioning controls from Audit to Block mode (e.g., ASR rules, Network Protection) using a phased rollout approach
- Monitor endpoint telemetry and investigate alerts to improve detection coverage and reduce false positives
- Consolidate and standardize endpoint security policies to ensure consistent enforcement across the environment
- Develop KQL-based detection queries aligned with MITRE ATT&CK techniques
- Ensure complete and healthy sensor deployment across all domain controllers
- Monitor and tune identity threat detections and suspicious activity alerts
- Integrate identity risk signals with SOC workflows to support incident response and threat investigations
- Implement and maintain Microsoft Defender for Cloud (CSPM/CWPP) capabilities across Azure environments
- Enforce Azure security baselines including RBAC, identity governance, and platform hardening controls
- Monitor cloud posture and manage remediation workflows for misconfigurations and policy violations
- Ensure cloud activity logs and telemetry are integrated into Sentinel for detection and monitoring
- Develop and tune Microsoft Sentinel analytics rules to improve detection fidelity
- Reduce alert fatigue by improving detection quality and minimizing false positives
- Build automation workflows and response playbooks using SOAR capabilities
Requirements:
- Bachelor's degree in Computer Science, Information Security, Engineering, or a related discipline (or equivalent practical experience)
- 5–8 years of experience in Cybersecurity Architecture and Engineering
- Hands-on experience implementing and managing Microsoft security platforms, including Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Cloud, and Microsoft Sentinel