SOC Analyst

2 weeks ago


Pune, Maharashtra, India Verdantas Full time ₹ 60,00,000 - ₹ 1,80,00,000 per year

Join Verdantas – A Top ENR #81 Firm

We at Verdantas are seeking a skilled and motivated Microsoft Sentinel SIEM Engineer to join our dynamic cybersecurity team. In this role, you will be responsible for the end-to-end management, optimization, and advanced configuration of our Microsoft Sentinel SIEM and Microsoft 365 Defender platform. You will play a critical role in protecting our digital assets by designing and implementing detection rules, automating response actions, and hunting for advanced threats. The ideal candidate is a proactive problem-solver with deep technical expertise in the Microsoft security ecosystem and a passion for building resilient security operations.

Experience: 5+ years of hands-on experience in a security engineering or analyst role, with at least 2 years focused on Microsoft Sentinel.

Key Areas:
- Monitoring and Maintenance
- Threat Detection and Analysis
- Automation and Orchestration
- Threat Hunting
- Incident Response Support
- Collaboration and Communication
- Continuous Improvement

Key Roles and Responsibilities

The day-to-day activities of a Sentinel SIEM expert are a mix of proactive engineering, reactive response, and strategic improvement. While an analyst might watch the queue, an expert builds and tunes the system.

1. Platform Management & Administration
- Deployment & Configuration: Architect, deploy, and configure Microsoft Sentinel workspaces, including data connector setup, log ingestion, and workspace optimization.
- Data Onboarding: Manage the ingestion of log data from various sources (e.g., Microsoft 365 Defender, Azure AD, Azure Activity Logs, on-premises servers, firewalls, and endpoints onboarded via Azure Arc and the Azure Monitor Agent (AMA)).
- Health Monitoring: Proactively monitor the health, performance, and cost of the Sentinel environment. Troubleshoot and resolve issues related to data ingestion, agent health, and analytics rule execution.
- Lifecycle Management: Manage the lifecycle of analytics rules, watchlists, hunting queries, and workbooks.

2. Threat Detection & Content Development
- Analytics Rule Creation: Design, develop, test, and tune custom analytics rules using Kusto Query Language (KQL) to detect malicious activity, threats, and anomalies.
- SOC Use Case Implementation: Translate business requirements and threat intelligence into effective, actionable detection logic within Sentinel.
- Leverage Built-in Templates: Use and customize built-in analytics rule templates from Microsoft and the community to accelerate detection coverage.
- Threat Intelligence Integration: Integrate threat intelligence platforms (TIP) and indicators of compromise (IOCs) into Sentinel to enhance detection capabilities.

3. Automation & Response (SOAR)
- Playbook Development: Design, build, and maintain Azure Logic Apps playbooks to automate incident response and orchestrate security workflows (e.g., auto-quarantine emails, disable user accounts, trigger investigations).
- Automation Rule Management: Create and manage automation rules to standardize incident triage, assignment, and lifecycle (e.g., auto-close false positives, set severity levels).
- Efficiency Improvement: Continuously seek opportunities to automate manual SOC tasks, reducing Mean Time to Respond (MTTR) and Mean Time to Acknowledge (MTTA).

4. Threat Hunting & Proactive Defense
- Proactive Hunting: Conduct proactive threat hunting campaigns using advanced KQL queries to uncover hidden threats that may evade traditional detection methods.
- Hunting Notebooks: Develop and use Jupyter notebooks within Sentinel for deep-dive, interactive investigations.
- Research & Development: Stay current with the latest adversary TTPs (Tactics, Techniques, and Procedures) and develop new hunting hypotheses.

5. Investigation & Incident Support
- Incident Analysis: Serve as an escalation point for Tier 2/3 SOC analysts, providing expertise during complex incident investigations and a "second opinion" on the scope and impact of a potential security incident.
- Forensic Data Enrichment: Use Sentinel's investigation graph and entity pages to enrich incident data and understand the full scope of an attack.
- Documentation: Create and maintain detailed documentation for runbooks, playbooks, hunting guides, and standard operating procedures (SOPs).

6. Collaboration & Reporting
- Stakeholder Reporting: Develop and maintain dashboards and workbooks to provide visibility into the security posture, key metrics (KPIs), and threat landscape for management and other stakeholders.
- Cross-Functional Collaboration: Work closely with the IT infrastructure, cloud, and application development teams to ensure proper logging and security best practices are followed.
- Mentorship: Mentor and provide technical guidance to junior SOC analysts and engineers on KQL, Azure, and security concepts.


  • SOC Analyst

    1 week ago


    Pune, Maharashtra, India ISA Full time

    Date: 9 Apr 2025. Location: Pune, MH, IN. Company: Information Systems Associates - Sharjah (ISA-SHJ). Job Purpose: The SOC Analyst is responsible for monitoring and defending the organization's IT infrastructure, networks, and data from cyber threats. The role involves identifying and analyzing potential security incidents, investigating alerts, providing incident...

  • SOC Analyst

    6 days ago


    Pune, Maharashtra, India Wipro Full time

    Job Description. Job Title: SOC Analyst. Req Id: 87966. City: Pune. State/Province: Maharashtra. Posting Start Date: 10/30/25. Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO) is a leading technology services and consulting company focused on building innovative solutions that address clients' most complex digital transformation needs. Leveraging our holistic...

  • SOC Specialist

    2 days ago


    Pune, Maharashtra, India METROMAKRO Full time

    Company Description: Metro Global Solution Center (MGSC) is an internal solution partner for METRO, a €31 billion international wholesaler with operations in more than 30 countries. The store network comprises a total of 623 stores in 21 countries, of which 522 offer out-of-store delivery (OOS), and 94 dedicated depots. In 12 countries, METRO runs only the...

  • SOC Engineer

    2 days ago


    Pune, Maharashtra, India Brose Full time

    Change perspective. Shape the future. Brose invests in new technologies and business areas for a successful future. Let's shape our future together. Are you ready for a career change? Then apply now for the following opening. Your tasks: To proactively monitor, analyze, and report IT security threats for the Brose Group and to avoid/mitigate any possible...

  • IAM BA Analyst

    3 weeks ago


    Pune, Maharashtra, India Best Infosystems Ltd. Full time

    IAM BA Analyst (Full-Time, Pune / Bangalore). Job Title: IAM BA Analyst. Job Type: Full-Time. Location: Pune / Bangalore. Experience: 5+ Years. Job Description: As a Sr IAM BA Analyst in Identity Governance and Administration, you will play a crucial role in ensuring the integrity and accuracy of user identity data within our organization. Experience Level: At least 5 years...

  • Technical Lead

    3 weeks ago


    Pune, Maharashtra, India Birlasoft Full time

    Administer and maintain Trend Micro Vision One, Apex One, Deep Security, and TMEMS platforms. Monitor and respond to alerts, incidents, and threat intelligence from Trend Micro tools. Perform policy configuration, tuning, and updates across endpoint, server, and email security platforms. Conduct root cause analysis and threat hunting using Vision One’s XDR...

  • Security Analyst

    2 days ago


    Pune, Maharashtra, India Cling Multi Solutions Full time

    Description: We are hiring a Security Analyst (Network Security). Location: Kharadi, Pune (local candidates preferred). Mode: Hybrid (2 days office/week). Joining: Immediate joiners only (no bench / no offer shopping). Experience: 3-5 years. Type: C2H, Vodafone. Role: Security Analyst (Network Security). Please note: this is a Network Security role, NOT SOC. Top must-have...
