We are looking for an experienced Sentinel Administrator to manage and optimize Microsoft Sentinel (formerly Azure Sentinel), the organization's cloud-native SIEM, and keep security operations running smoothly. The role involves configuring, maintaining, and monitoring security alerts, developing automation, and supporting the SOC team in responding to incidents. The ideal candidate will have a strong understanding of cybersecurity concepts, SIEM systems, and incident response procedures.
Experience
- 5 years of experience
- 3+ years of hands-on SIEM experience (mandatory)
Roles And Responsibilities
- Manage Sentinel Environment:
- Oversee the deployment, configuration, and maintenance of Microsoft Azure Sentinel SIEM.
- Develop and maintain data connectors for log integration from various sources like firewalls, endpoints, and cloud services.
- Manage application integration within the Sentinel environment.
- Handle all types of integrations to ensure seamless data flow and monitoring.
- Use Case and Rule Development:
- Develop detection use cases and analytics rules, and build automation workflows and playbooks (Azure Logic Apps) in Sentinel to streamline incident detection and response.
- Implement Security Orchestration, Automation, and Response (SOAR) capabilities for effective response management.
- Dashboard and Reporting:
- Build and maintain dashboards, reports, and visualizations for real-time monitoring of security events and trends.
- Provide periodic reports on security posture, incident trends, and operational effectiveness.
- Collaboration and Support:
- Work closely with SOC analysts, IT teams, and security engineers to address security events and incidents.
- Provide support and troubleshooting for log ingestion and integration issues.
- Security Compliance and Best Practices:
- Ensure Sentinel configurations align with industry standards and best practices for security and compliance.
- Stay updated with the latest security threats, vulnerabilities, and SIEM technologies to continuously improve security measures.
Required Skills And Qualifications
- Proven experience with Microsoft Azure Sentinel or similar SIEM platforms.
- Strong understanding of SIEM concepts, log management, and incident detection/response.
- Experience with KQL (Kusto Query Language) for writing and optimizing queries in Sentinel.
- Familiarity with security frameworks (NIST, ISO 27001) and incident management practices.
- Knowledge of cloud security (Azure/AWS), firewalls, endpoint protection, and network security protocols.
- Ability to develop playbooks, automation workflows, and use cases in Sentinel.
- Excellent communication and collaboration skills.
- Certifications such as Microsoft Certified: Security Operations Analyst Associate (SC-200) or equivalent.
- Hands-on experience with SOAR tools and automation in security operations.
- Experience with PowerShell, Python, or other scripting languages for automation.