Job Description:
Experience: 5–10+ years
Certifications Preferred: Microsoft Certified: Security Operations Analyst Associate, Microsoft Certified: Azure Security Engineer Associate
Job Summary:
We are seeking a skilled and proactive Security Engineer with hands-on experience in deploying and managing Microsoft Defender for Server and Microsoft Sentinel. This role is ideal for professionals who can work across both platforms to deliver integrated threat detection, response, and monitoring capabilities in hybrid environments. The engineer will be responsible for implementing advanced security controls, automating incident response, and ensuring visibility across on-premises and cloud infrastructure.
Key Responsibilities:
Microsoft Defender for Server:
- Deploy and configure Microsoft Defender for Endpoint (MDE) on Windows and Linux servers (on-prem and hybrid).
- Integrate Defender for Endpoint, Defender for Identity, and Defender for Servers into the broader security infrastructure.
- Create and manage automated response playbooks using Logic Apps and Microsoft Defender XDR.
- Use Advanced Hunting with Kusto Query Language (KQL) to investigate and analyze threat activity.
- Monitor and fine-tune attack surface reduction rules, EDR policies, and vulnerability management features.
- Ensure compliance with organizational security policies and regulatory requirements.
Microsoft Sentinel:
- Deploy and configure Microsoft Sentinel for real-time monitoring of on-premises and cloud infrastructure.
- Set up and manage Log Analytics Workspaces and configure data connectors for ingestion from various sources.
- Configure Syslog, Common Event Format (CEF), and Windows Event Forwarding (WEF) for security devices, firewalls, and servers.
- Develop and optimize custom KQL queries to analyze security logs and detect anomalies.
- Design and implement workbooks and dashboards for operational visibility and executive reporting.
- Create and manage alert rules, analytics rules, and incident response playbooks for automated threat mitigation.
Technical Skills & Expertise:
- Microsoft Defender Suite:
  - Defender for Endpoint (MDE)
  - Defender for Identity
  - Defender for Servers
  - Microsoft Defender XDR
  - Logic Apps for automation
- Microsoft Sentinel:
  - Sentinel deployment and configuration
  - Log Analytics Workspace management
  - Data ingestion via Syslog, CEF, WEF
  - KQL for advanced threat hunting
  - Workbook and dashboard creation
  - Alerting and incident response automation
- Security Operations & Integration:
  - SIEM/SOAR integration
  - Threat detection and response workflows
  - Integration with Microsoft Entra ID (Azure AD), Intune, and other M365 security tools
- Scripting & Automation:
  - PowerShell, Azure CLI, ARM templates
  - Logic Apps, Azure Functions
- Compliance & Governance:
  - Familiarity with frameworks like NIST, ISO 27001, CIS Benchmarks
  - Experience in regulated environments (e.g., BFSI, healthcare, government)
Preferred Qualifications:
- Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field
- Microsoft certifications (e.g., SC-200, AZ-500)
- Experience with hybrid cloud environments (Azure, AWS, on-prem)
- Familiarity with MITRE ATT&CK framework
Soft Skills:
- Strong analytical and problem-solving skills
- Excellent communication and documentation abilities
- Ability to work independently and collaboratively in a fast-paced environment
- Proactive mindset with a focus on continuous improvement