Description :
Experience : 5-10+ years
Preferred Certifications :
- Microsoft Certified : Security Operations Analyst Associate (SC-200)
- Microsoft Certified : Azure Security Engineer Associate (AZ-500)

Position Summary :
We are seeking a highly skilled and proactive Microsoft Defender & Sentinel Security Engineer to design, deploy, and manage advanced Microsoft security solutions across hybrid cloud environments.
This role focuses on implementing integrated threat detection, response, and monitoring capabilities using Microsoft Defender for Server and Microsoft Sentinel.
The ideal candidate will bring a deep understanding of Microsoft's security ecosystem, automation workflows, and incident response best practices to ensure robust protection and visibility across on-premises and cloud infrastructure.

Key Responsibilities :

Defender for Server :
- Deploy and configure Microsoft Defender for Endpoint (MDE) across Windows and Linux servers in on-premises and hybrid environments.
- Integrate Defender for Endpoint, Defender for Identity, and Defender for Servers into the broader enterprise security architecture.
- Build and manage automated incident response playbooks using Logic Apps and Microsoft Defender XDR.
- Utilize Advanced Hunting and Kusto Query Language (KQL) to investigate threats and analyze telemetry data.
- Optimize attack surface reduction rules, EDR policies, and vulnerability management configurations.
- Ensure continuous compliance with organizational security standards and regulatory requirements.

Microsoft Sentinel :
- Deploy and configure Microsoft Sentinel to enable real-time security monitoring across hybrid and multi-cloud environments.
- Configure Log Analytics Workspaces and manage data connectors for security log ingestion from diverse sources.
- Implement and tune Syslog, Common Event Format (CEF), and Windows Event Forwarding (WEF) integrations for security appliances and servers.
- Develop and refine KQL queries for anomaly detection, incident investigation, and threat analysis.
- Create dashboards, workbooks, and executive reports to visualize key security insights.
- Define and manage alerting rules, analytics rules, and automated response playbooks to improve detection and mitigation workflows.

Technical Skills & Expertise :
Microsoft Defender Suite :
- Defender for Endpoint (MDE)
- Defender for Identity
- Defender for Servers
- Microsoft Defender XDR
- Logic Apps for automation and orchestration

Microsoft Sentinel :
- Sentinel deployment and configuration
- Log Analytics Workspace setup and management
- Data ingestion via Syslog, CEF, and WEF
- KQL-based advanced threat hunting and reporting
- Workbook and dashboard creation
- Alert rule and incident response automation

Security Operations & Integration :
- SIEM / SOAR integration and use-case development
- Threat detection, investigation, and response workflows
- Integration with Microsoft Entra ID (Azure AD), Intune, and other M365 security tools

Scripting & Automation :
- PowerShell, Azure CLI, and ARM templates
- Logic Apps and Azure Functions for process automation

Compliance & Governance :
- Familiarity with NIST, ISO 27001, CIS Benchmarks, and similar frameworks
- Experience operating in regulated industries (e.g., BFSI, healthcare, government)

Preferred Qualifications :
- Bachelor's or Master's degree in Cybersecurity, Computer Science, or related discipline
- Microsoft certifications : SC-200, AZ-500 (preferred)
- Experience managing hybrid cloud environments (Azure, AWS, on-premises)
- Knowledge of the MITRE ATT&CK framework for adversary behavior analysis

Soft Skills :
- Strong analytical, investigative, and problem-solving abilities
- Excellent communication and documentation skills
- Ability to work independently and collaboratively in fast-paced environments
- Proactive, detail-oriented mindset with a focus on continuous improvement and automation

(ref : hirist.tech)