We are seeking a highly skilled Microsoft Sentinel Engineering Consultant with a strong background in Azure security technologies to join our dynamic team. The successful candidate will be responsible for deploying, configuring, and maintaining Microsoft Sentinel, Google Chronicle and surrounding Microsoft Azure cloud-based solutions to enhance our clients’ security operations capabilities.  This engineer will be focused on delivering Microsoft Azure specific professional services to enhance customer cybersecurity operations visibility and general posture.

Key Responsibilities:

• Design, implement, and maintain Microsoft Sentinel and/or Google Chronicle solutions across multiple and diverse client environments.
• Deliver and document all written technical recommendations, and other technical deliverables.
• Configure data connectors, implement log collection policies, and ensure seamless integration with existing client security systems.
• Develop and refine KQL queries and analytics rules to detect, investigate, and respond to security threats.
• Design and automate response actions and workflows to improve incident response times.
• Apply MITRE ATT&CK methodology to emphasize event log visibility requirements and to assess overall security operations detection maturity.
• Provide expert guidance and training to customer security teams on Microsoft Sentinel industry best practices.
• Stay updated with the latest security trends and technologies that facilitate continuously improving our security operations offerings for customers.
• Discuss and present Security Operations principles referencing Microsoft Azure Sentinel and surrounding architecture.

Qualifications:

• Minimum 4 years of experience in cybersecurity operations specific to incident investigation and response.
• Minimum of 3 years focused on Microsoft Sentinel and/or Google Chronicle including but not limited to Entra, Purview and/or Defender suite of applications, Microsoft Sentinel and Log Analytics Workspace (LAW).
• Knowledge of tactics, techniques, and procedures (TTPs) as developed and outlined by the MITRE ATT&CK framework.
• Proficient in creating and managing KQL queries and understanding of Azure services related to security and compliance.
• Demonstrate ability to design and implement complex security solutions in large-scale environments.
• Excellent problem-solving skills and the ability to work in a dynamic, fast-paced environment.
• Strong communication skills with proficiency in presenting technical information to non-technical stakeholders.
• Familiarity with Python, PowerShell or similar development experience is preferred.
• Preferred experience with additional SIEM or data analytics tools such as Splunk, QRadar, Elastic, Securonix, Sumo Logic, Logscale, Snowflake, etc.
• Prior consulting experience preferred, or experience working in a client-facing role.
• Familiarity with Breach and Attack Simulation security tools preferred.

Certification and Education Requirements

• Microsoft Certified: Azure Security Engineer Associate.
• GIAC Incident Handler, CISSP, and/or similar.
• Bachelors degree and/or equivalent experience in relative field of expertise.