Largeton Group is seeking a Senior Cybersecurity Operations Engineer to lead security operations leveraging Microsoft Sentinel. The role involves driving high-severity incident response, optimizing detection use cases, and enhancing automation for improved response efficiency.
Responsibilities:
- Lead the initial buildout and deployment of Azure Sentinel
- Design and implement:
  - Analytics rules and detections
  - Log parsing and normalization
  - Log source ingestion and integrations
  - Workbooks and dashboards
  - Logic Apps / automation and response workflows
- Bring the Sentinel environment to an operational, customer-ready state
- Support incident response activities
- Participate in an on-call rotation
- Continue to expand and mature the environment over time
- Help upskill internal team members as the platform grows
Requirements:
- Expert-level proficiency in Microsoft Sentinel
- Operating in a FedRAMP environment
- Design and implement analytics rules and detections
- Design and implement log parsing and normalization
- Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field
- Equivalent combination of education and related experience
- 5 years of experience in a Security Operations Center (SOC), Incident Response, Azure Cloud Security
- Extensive SOC experience (L3/Senior/Principal level), serving as an escalation point for complex and high-severity incidents
- Expert-level proficiency in Microsoft Sentinel (Azure SIEM), with deep expertise in log ingestion, integration, data lifecycle management, and incident investigation
- Strong expertise in log normalization, parsing, and data quality management, ensuring high-fidelity detections
- Demonstrated ability to optimize SIEM performance, reducing noise while improving detection accuracy and coverage
- Experience with automation and orchestration, including Sentinel playbooks and Logic Apps to enhance response efficiency
- Deep experience in detection engineering, including designing, implementing, and tuning analytics aligned to MITRE ATT&CK
- Advanced KQL expertise for large-scale data analysis, threat hunting, and detection development
- Expertise in managing and utilizing a wide range of security tools, including Next Generation Firewall, IDS/IPS, EDR, AV, MS Defender Suite, Internet Proxy, and other cloud security tools
- Strong knowledge of cloud and enterprise security technologies, including Microsoft Defender suite, identity security (Entra ID), EDR/XDR, firewalls, and cloud-native controls
- Proven leadership in threat hunting and incident response, including RCA and continuous improvement of detection and response capabilities
- Strong communication and stakeholder engagement skills, with the ability to influence technical and non-technical teams
- Demonstrated mentorship of SOC analysts, driving operational maturity
- Strong analytical and problem-solving skills, with the ability to operate effectively in a fast-paced environment
- Commitment to continuous learning and staying current with evolving threats and technologies
- Relevant certifications (SC-200, AZ-500, CySA+) preferred