Microsoft Sentinel Security Engineer (XDR / E5 Security Stack)
Key Responsibilities:
- Microsoft Sentinel Deployment & Configuration
  - Configure and optimize Microsoft Sentinel as the primary SIEM and XDR platform.
  - Set up log ingestion from Microsoft 365 E5 services, Azure resources, endpoints, identity, and third-party security tools.
  - Ensure HIPAA-compliant handling of sensitive healthcare data in logs and responses.
- Log Sources & Data Connectors
  - Integrate data sources including the Microsoft Defender XDR suite (Defender for Endpoint, Identity, Cloud Apps, Office 365, Cloud), Azure Activity, and M365 logs.
  - Set up Syslog, CEF, and custom data connectors from firewalls, network appliances, and on-prem systems.
- Detection Engineering
  - Develop and tune KQL-based analytics rules for real-time threat detection.
  - Customize and maintain built-in and custom detection rules to reduce false positives.
  - Map detections to the MITRE ATT&CK framework.
- Automation & Response (SOAR)
  - Design and implement automated playbooks using Azure Logic Apps.
  - Develop incident response workflows for alert triage, ticketing, user containment, and notification.
- Monitoring & Optimization
  - Continuously improve Sentinel rule effectiveness through tuning and feedback from investigations.
  - Set up dashboards, workbooks, and reporting for visibility and compliance.
- Collaboration & Documentation
  - Work closely with SecOps, Infrastructure, and Compliance teams to ensure effective coverage and integration.
  - Document Sentinel configuration, runbooks, SOPs, and detection logic.
Required Qualifications:
- 3–5+ years of experience in security engineering, SOC, or threat detection roles.
- Proven hands-on experience with Microsoft Sentinel and Microsoft 365 Defender stack.
- Proficiency in KQL (Kusto Query Language) and analytics rule creation.
- Experience with Azure Logic Apps, automation, and playbook development.
- Solid understanding of security operations, incident response, and threat detection methodologies.