SOC Analyst
5 days ago
Join Verdantas – A Top #ENR 81 Firm
We at Verdantas are seeking a skilled and motivated Microsoft Sentinel SIEM Engineer to join our dynamic cybersecurity team. In this role, you will be responsible for the end-to-end management, optimization, and advanced configuration of our Microsoft Sentinel SIEM and Microsoft 365 Defender platform. You will play a critical role in protecting our digital assets by designing and implementing detection rules, automating response actions, and hunting for advanced threats. The ideal candidate is a proactive problem-solver with deep technical expertise in the Microsoft security ecosystem and a passion for building resilient security operations.

Experience: 5+ years of hands-on experience in a security engineering or analyst role, with at least 2 years focused on Microsoft Sentinel.

Key Areas: Monitoring and Maintenance; Threat Detection and Analysis; Automation and Orchestration; Threat Hunting; Incident Response Support; Collaboration and Communication; Continuous Improvement.

Key Roles and Responsibilities
Day-to-day activities of a Sentinel SIEM Expert are a mix of proactive engineering, reactive response, and strategic improvement. While an analyst might watch the queue, an expert builds and tunes the system.

1. Platform Management & Administration
Deployment & Configuration: Architect, deploy, and configure Microsoft Sentinel workspaces, including data connector setup, log ingestion, and workspace optimization.
Data Onboarding: Manage the ingestion of log data from various sources (e.g., Microsoft 365 Defender, Azure AD, Azure Activity Logs, on-premises servers, firewalls, endpoints via Azure Arc and AMA).
Health Monitoring: Proactively monitor the health, performance, and cost of the Sentinel environment. Troubleshoot and resolve issues related to data ingestion, agent health, and analytics rule execution.
Lifecycle Management: Manage the lifecycle of analytics rules, watchlists, hunting queries, and workbooks.

2. Threat Detection & Content Development
Analytics Rule Creation: Design, develop, test, and tune custom analytics rules using Kusto Query Language (KQL) to detect malicious activity, threats, and anomalies.
SOC Use Case Implementation: Translate business requirements and threat intelligence into effective, actionable detection logic within Sentinel.
Leverage Built-in Templates: Utilize and customize built-in analytics rule templates from Microsoft and the community to accelerate detection coverage.
Threat Intelligence Integration: Integrate threat intelligence platforms (TIP) and indicators of compromise (IOCs) into Sentinel to enhance detection capabilities.

3. Automation & Response (SOAR)
Playbook Development: Design, build, and maintain Azure Logic Apps playbooks to automate incident response and orchestrate security workflows (e.g., auto-quarantine emails, disable user accounts, trigger investigations).
Automation Rule Management: Create and manage Automation Rules to standardize incident triage, assignment, and lifecycle (e.g., auto-close false positives, set severity levels).
Efficiency Improvement: Continuously seek opportunities to automate manual SOC tasks, reducing Mean Time to Respond (MTTR) and Mean Time to Acknowledge (MTTA).

4. Threat Hunting & Proactive Defense
Proactive Hunting: Conduct proactive threat hunting campaigns using advanced KQL queries to uncover hidden threats that may evade traditional detection methods.
Hunting Notebooks: Develop and utilize Jupyter notebooks within Sentinel for deep-dive, interactive investigations.
Research & Development: Stay current with the latest adversary TTPs (Tactics, Techniques, and Procedures) and develop new hunting hypotheses.

5. Investigation & Incident Support
Incident Analysis: Serve as an escalation point for Tier 2/3 SOC analysts, providing expertise during complex incident investigations.
Forensic Data Enrichment: Use Sentinel's investigation graph and entity pages to enrich incident data and understand the full scope of an attack.
Documentation: Create and maintain detailed documentation for runbooks, playbooks, hunting guides, and standard operating procedures (SOPs).

6. Collaboration & Reporting
Stakeholder Reporting: Develop and maintain dashboards and workbooks to provide visibility into the security posture, key metrics (KPIs), and threat landscape for management and other stakeholders.
Cross-Functional Collaboration: Work closely with the IT infrastructure, cloud, and application development teams to ensure proper logging and security best practices are followed.
Mentorship: Mentor and provide technical guidance to junior SOC analysts and engineers. Act as an escalation point for Tier 2/3 SOC analysts struggling with a complex investigation. Provide a "second opinion" on the scope and impact of a potential security incident. Mentor junior engineers and analysts on KQL, Azure, and security concepts.
-
SOC Analyst
3 days ago
New Delhi, India | Aguna Solutions | Full time
Job Description: We are seeking an experienced and skilled SOC Analyst – Level 1 to manage our Security Operations Centre. As a SOC Analyst, you will play a pivotal role in managing the end-to-end life cycle of the managed SOC. Your expertise will drive efficiency, enhance productivity, and transform processes across our organization. As a SOC Analyst L1, you will be...
-
Soc Analyst
4 weeks ago
New Delhi, India | Whatjobs IN C2 | Full time
Role Overview: Seeking a skilled and motivated L1 Analyst – Dark Web Monitoring & Threat Intelligence to join our Security Operations Center (SOC) team. In this role, the analyst will focus on dark web intelligence gathering, analysis, and reporting, leveraging platforms such as CloudSEK to identify potential threats, data leaks, credential exposures, and...
-
SOC Analyst
3 days ago
New Delhi, India | Aguna Solutions | Full time
Job Description: We are seeking an experienced and skilled SOC Analyst – Level 2 to manage our Security Operations Centre. As a SOC Analyst, you will play a pivotal role in managing the end-to-end life cycle of the managed SOC. Your expertise will drive efficiency, enhance productivity, and transform processes across our organization. As a SOC Analyst Level 2, you will...
-
Soc Analyst
2 weeks ago
Delhi, NCR, India | Airtel | Full time | ₹ 9,00,000 - ₹ 12,00,000 per year
Managed Services SOC Manager
Job Summary: The Security Operations Center (SOC) Security L-1 Analyst serves in a SOC team and is responsible for conducting information security investigations as a result of security incidents identified by the Level-1 security analysts who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email...
-
TRAINER - SOC ANALYST
4 weeks ago
New Delhi, India | Full Stack Academy | Full time
Company Description: Full Stack Academy is dedicated to transforming recent graduates into skilled software professionals and supporting current professionals in enhancing their expertise in advanced technologies. With a team of experienced industry professionals, Full Stack Academy provides comprehensive training that combines theoretical knowledge with...
-
Soc Analyst
2 weeks ago
Delhi, NCR, Noida, India | ASI Cyber Security | Full time | ₹ 5,00,000 - ₹ 15,00,000 per year
JD for SOC Analyst
A SOC analyst job description for a role focused on Microsoft Sentinel includes monitoring, analyzing, and responding to security threats using Sentinel and the Microsoft Defender suite. Key responsibilities involve using Kusto Query Language (KQL) for threat hunting and investigation, creating automated incident response playbooks with...
-
SOC Analyst
6 days ago
Delhi, Delhi, India | Recruin | Full time | ₹ 5,00,000 - ₹ 15,00,000 per year
Role Overview: Seeking a skilled and motivated L1 Analyst – Dark Web Monitoring & Threat Intelligence to join our Security Operations Center (SOC) team. In this role, the analyst will focus on dark web intelligence gathering, analysis, and reporting, leveraging platforms such as CloudSEK to identify potential threats, data leaks, credential exposures, and...
-
SOC Analyst L2
2 days ago
Delhi, Delhi, India | Aguna Solutions | Full time
We are seeking an experienced and skilled SOC Analyst – Level 2 to manage our Security Operations Centre. As a SOC Analyst, you will play a pivotal role in managing the end-to-end life cycle of the managed SOC. Your expertise will drive efficiency, enhance productivity, and transform processes across our organization. As a SOC Analyst Level 2, you will be the first line...
-
SOC Analyst
3 days ago
New Delhi, India | Verdantas | Full time
Join Verdantas – A Top #ENR 81 Firm!
We at Verdantas are seeking a skilled and motivated Microsoft Sentinel SIEM Engineer to join our dynamic cybersecurity team. In this role, you will be responsible for the end-to-end management, optimization, and advanced configuration of our Microsoft Sentinel SIEM and Microsoft 365 Defender platform. You will play a...
-
Soc Analyst
2 days ago
Delhi, Delhi, India | Athena | Full time
Experience in SIEM Tool
B.TECH or MCA with minimum 3 years of experience for L1 Analyst
Minimum of 2 years of experience in SOC services through on-premises or managed mode of service provider.
Minimum 2-year experience in operating a SIEM product and other security tools.
Have experience in handling log management and incident management.
At least one Mandatory...