Umbrella Infocare

4 weeks ago


Bengaluru, Karnataka, India
Umbrella Infocare Pvt Ltd.
Full time

What You'll Do :


- SIEM Engineering & Management : Take ownership of configuring, managing, and maintaining the Microsoft Sentinel SIEM platform, including efficient log management, retention configurations, and cost-effective log storage.

- Possess at least 2 years of hands-on SIEM engineering experience.

- Incident Response & Analysis : Proactively monitor, analyze, investigate, and respond to security incidents detected within Microsoft Sentinel, collaborating closely with the Security Operations Center (SOC) team and customers to ensure timely and effective resolution.

- Data Source Integration : Expertise in integrating and onboarding a wide range of devices (e.g., Linux, Palo Alto, Fortinet, Windows, etc.) into Azure Sentinel.

- Custom Parser Development : Demonstrate advanced skills in integrating data sources not supported by Sentinel's out-of-the-box capabilities, including custom parser development and troubleshooting technical integration issues within Sentinel.

- Troubleshooting & Maintenance : Troubleshoot and resolve complex issues related to SIEM (Sentinel) infrastructure and integrations, such as logs not reporting to Sentinel.

- Documentation & Reporting : Create detailed integration documents for customers as per requirements. Generate and review weekly/monthly reports to provide insightful analyses of security posture and SIEM effectiveness to customers.

- Use Case Management & Fine-tuning : Regularly review the performance of existing use cases, track fine-tuning activities, and proactively identify scenarios for further fine-tuning, communicating recommendations effectively to customers and internal teams.

- Client Communication & Support : Act as a primary point of contact for clients during any integration issues or security incidents, ensuring clear and consistent communication.

- Microsoft Defender Products Knowledge : Possess strong knowledge of various Microsoft Defender products and their integration with Azure Sentinel.

We're Looking For :


- Experience : 4-7 years in cybersecurity with at least 2 years dedicated to SIEM engineering activities.

- Azure Sentinel Expertise : Proven hands-on experience with Microsoft Azure Sentinel, including its configuration, management, data ingestion, analytics rules, workbooks, and playbooks.

- Log Management : Strong understanding of log management, data retention, and cost optimization within a cloud SIEM environment.

- Integration Skills : Expertise in integrating diverse data sources (Windows, Linux, Network Devices, Security Tools) with Azure Sentinel, including custom parser development (KQL).

- Incident Response : Experience in security incident monitoring, analysis, investigation, and response.

- Troubleshooting : Excellent troubleshooting skills for SIEM infrastructure and data ingestion issues.

- Microsoft Security Products : Strong knowledge of Microsoft Defender suite (Defender for Endpoint, Identity, Cloud Apps, etc.) and their interaction with Sentinel.

- Communication : Excellent verbal and written communication skills to interact effectively with SOC teams, customers, and stakeholders.

- Analytical Skills : Strong analytical and problem-solving abilities to identify security gaps and fine-tune security use cases.

- Documentation : Ability to create clear and comprehensive integration and reporting documentation.

(ref:hirist.tech)