Security Operations Engineer
Career Techniques Inc. - Dallas, TX
Job Description
About the Role

This role is accountable for the architecture, engineering, and automation of in-house security platforms, including the Microsoft Sentinel SIEM and associated SOAR tooling. The ideal candidate will have deep technical expertise in the Microsoft security stack and demonstrated excellence in the development of security automation across domains such as alert triage and response, as well as other security processes such as patch and vulnerability management. They will also work extensively with various IT teams to define appropriate log ingestion, data enrichment, alerting, and response actions via the SIEM/SOAR platform, and will support the Security Operations Center (SOC) with advanced SIEM queries and analytic alerts.

Primary responsibilities in this role include:
- Identification and deployment of new detections or automations within the firm's SIEM/SOAR platform
- Driving the creation and implementation of SIEM content (e.g. rules, alerts, dashboards)
- Ensuring better analytics via the SIEM by improving the signal-to-noise ratio of SIEM content
- Conducting regular assessments and tuning of Sentinel configurations to reduce false positives and enhance detection capabilities
- Design and implementation of automation for alert enrichment, closure of common detections, and response actions
- Benchmarking of existing detections and development of a roadmap for expanding coverage
- Continuous testing of the SIEM/SOAR platform to identify and remediate gaps in detection and prevention coverage
- Integration with the external SOC provider to optimize the partnership and improve detection and response capabilities
- Consolidation of data sources across many Microsoft tenants, systems, and companies into a single source, so that Security Operations procedures can be consolidated
- Maintenance of all Security Operations tooling to ensure high availability of all log sources
- Partnering with Security Analysts to enhance Security Operations procedures as well as incident response
- Consolidation and automation of Security Operations metrics from various sources
- Automation of incident response processes and workflows
- Development of, and adherence to, SIEM engineering change control procedures and processes
- Providing training and support to team members on SIEM functionality

Requirements and Qualifications
- Bachelor's degree in Computer Science, Information Security, or a related field
- 3+ years in a security-related engineering role - MUST HAVE
- 2+ years of SIEM/SOAR engineering experience - MUST HAVE
- Deep technical understanding of Microsoft Sentinel (MUST HAVE), Log Analytics, Defender, and other Microsoft security tooling
- Demonstrated excellence in the area of security automation
- Proficiency with automation tooling (e.g. Terraform) and scripting languages (KQL, Python, PowerShell) - MUST HAVE
- Proficiency with Microsoft Power Apps, Azure Functions, Logic Apps, and other Microsoft automation tooling
- Proficiency in API development with the goal of integrating security tooling
- Familiarity with various log ingestion methodologies for a SIEM environment
- Familiarity with automated development lifecycles and pipelines (DevOps)
- Familiarity with Cisco security tooling, including Meraki and Umbrella
- Experience in multi-tenant or MSP-like environments is a plus
- Possession of, or ability to obtain, professional certifications in information security or risk management, such as CISSP, CISM, CEH, or forensic certifications
Created: 2025-02-19