Senior Cloud Security Expert

We are seeking a highly experienced and proactive Senior Cloud Security Engineer to specialize in Microsoft Sentinel and Threat Hunting.

• Microsoft Sentinel Deployment & Configuration: Lead the deployment and configuration of Microsoft Sentinel and its dependent resources, ensuring optimal setup for security monitoring.
• Data Integration: Integrate diverse data sources into the SIEM (Security Information and Event Management) for holistic threat visibility across the enterprise.
• Query & Alert Development: Develop advanced KQL (Kusto Query Language) queries and build sophisticated analytical rules and alerts within Sentinel for effective threat detection.
• Use Case Implementation: Design and implement security use cases meticulously aligned to industry-recognized frameworks such as NIST (National Institute of Standards and Technology) and MITRE ATT&CK.
• SOAR Workflow Automation: Build SOAR (Security Orchestration, Automation, and Response) workflows using Azure Logic Apps for automated incident response and efficient security operations.
• Threat Hunting & Simulation: Proactively perform threat hunting exercises and simulate non-invasive attacks based on observed Tactics, Techniques, and Procedures (TTPs) and known threat actor behavior.
• Incident Response: Conduct in-depth forensic analysis, root cause analysis (RCA), and efficient incident triage for security incidents.
• Threat Intelligence Utilization: Leverage threat intelligence feeds for proactive defense and to refine detection strategies.
• Reporting & Metrics: Create and maintain comprehensive KPI dashboards and reporting metrics for various stakeholders, providing clear insights into the security posture.
• Proof of Concepts (PoCs): Build Proof of Concepts (PoCs) for domain-specific security implementations, demonstrating feasibility and value.
• EDR & CASB Management: Utilize and maintain EDR (Endpoint Detection and Response) and CASB (Cloud Access Security Broker) tools, with a preference for Microsoft Defender ATP.
• Hybrid/Multi-Cloud Security: Maintain and enhance security posture in complex hybrid and multi-cloud environments (Azure, AWS, GCP).
• Custom Security Objects: Create custom security policies, dashboards, and workbooks in Sentinel to tailor monitoring and reporting.
• Compliance Support: Participate in compliance control strategies (e.g., PCI, PII) using Azure Automation to ensure regulatory adherence.
• CSPM Support: Support Cloud Security Posture Management (CSPM) tool testing and policy scoring to identify and remediate cloud misconfigurations.
• Report Generation: Support in report generation (daily, weekly, quarterly, annually) for various stakeholders, providing clear and actionable insights.

• Core Security Fundamentals: Deep understanding of Active Directory, DNS Security, Network Protocols, Web Technologies, TLS, and Firewalls.
• EDR Solutions: Proficient in EDR solutions, with a strong preference for Microsoft Defender ATP.
• Azure Cloud Security: Extensive hands-on experience with Azure cloud security technologies, including but not limited to Defender for Cloud, Defender for Identity, Defender for Office 365, Azure Security Center, Azure Firewall, and Azure Network Security Groups.
• Multi-Cloud Exposure: Exposure to GCP (e.g., Security Command Center, Confidential Computing) and AWS (e.g., Security Hub, GuardDuty, Macie) is a significant plus.
• Scripting: Proficient in PowerShell, Bash, Python scripting (preferred but not mandatory for all aspects of the role).
• IT Forensics: Knowledge of IT Forensics tools, techniques, and methodologies for incident investigation.
• Policy & Automation: Experience in policy creation, dashboarding, and process automation within security tools.

• Exposure to Advanced Cloud Security Services: Exposure to Cloud App Security, Azure Key Vault, Confidential Computing, AWS Shield, and other advanced cloud security services.
• Industry Certifications: Industry certifications like AZ-500 (Microsoft Azure Security Technologies), SC-200 (Microsoft Security Operations Analyst), AWS Certified Security - Specialty, etc.
• SOC Process Setup: Experience with setting up SOC processes or implementing relevant security procedures.