Microsoft Sentinel SIEM Administrator (Dayshift / WFH)

Remote: Full Remote
Experience: Mid-level (2-5 years)

MicroSourcing (Large, 5001 - 10000 Employees) https://www.microsourcing.com/

Job description

Microsoft Sentinel SIEM Administrator

Role Summary

We are seeking a skilled Sentinel Administrator to set up, manage, and optimize Microsoft Azure Sentinel, ensuring the seamless operation of our security systems. This position includes tasks such as setting up, configuring, maintaining, and monitoring security alerts, creating automation solutions, and assisting the SOC team with incident response. The ideal candidate should have a solid grasp of cybersecurity principles, SIEM platforms, and incident management processes.

Qualifications

  • Bachelor's degree, Engineering in Information Communications Technology (ICT), Computer Science, or other IT-related discipline, or relevant certification in Cybersecurity.
  • 3+ years of experience in Microsoft Sentinel SIEM environment administration.
  • Solid grasp of cybersecurity principles, SIEM platforms, and incident management processes.
  • Good written and verbal communication skills.
  • Analytical and critical mindset.

Job Description

Main responsibilities are, but not limited to:

Manage Sentinel Environment

  • Oversee the deployment, configuration, and maintenance of Microsoft Azure Sentinel SIEM.
  • Create and sustain data connectors to integrate logs from diverse sources such as firewalls, endpoints, and cloud services.
  • Handle the integration of applications within the Sentinel environment.

Use Case and Rule Development

  • Create automation workflows and playbooks in Sentinel to optimize incident detection and response.
  • Implement Security Orchestration, Automation, and Response (SOAR) capabilities for enhanced response management.

Support and Collaboration with SOC and Customers

  • Coordinate with SOC analysts, IT teams, and security engineers to address security events and incidents.
  • Provide support and troubleshooting for log ingestion and integration issues.

Reporting

  • Create and maintain dashboards, reports, and other visualizations for eyes-on-screen monitoring of security events, incidents, and trends.
  • Provide reports on incident trends, operational effectiveness, and overall security posture of the environment.

Skills Requirement

  • Demonstrated expertise with Microsoft Azure Sentinel or comparable SIEM platforms.
  • In-depth knowledge of SIEM principles, log management, and incident detection/response.
  • Proficiency in KQL (Kusto Query Language) for crafting and optimizing queries in Sentinel.
  • Acquainted with security frameworks (NIST, ISO 27001) and incident management protocols.
  • Understanding of cloud security (Azure/AWS), firewalls, endpoint protection, and network security protocols.
  • Capability to create playbooks, automation workflows, and use cases in Sentinel.
  • Strong communication and teamwork abilities.
  • Certifications like Microsoft Certified: Security Operations Analyst Associate or equivalent.
  • Practical experience with SOAR tools and security operations automation.
  • Experience with scripting languages such as PowerShell, Python, or others for automation.

Required profile

Experience

Level of experience: Mid-level (2-5 years)
Spoken language(s): English

Other Skills

  • Critical Thinking
  • Analytical Thinking
  • Teamwork
  • Communication
