Microsoft Sentinel Implementation Specialist (SOC / SIEM)

strongbox it - cybersecurity consulting, Chennai

Job Description

Role Summary

We are hiring a Senior Microsoft Sentinel Implementation Specialist with strong hands-on experience in SIEM deployment, log onboarding, detection engineering, and SOC optimization.

This role is implementation-heavy, requiring someone who can build, tune, and mature a Sentinel environment, not just monitor alerts. The ideal candidate should have experience working in enterprise SOC environments and be comfortable handling multi-source log integration, correlation, and automation.

Key Responsibilities

1. Sentinel Implementation & Log Onboarding
  • Implement and configure Microsoft Sentinel for enterprise environments
  • Onboard logs from:
    • Firewalls, WAF, IDS/IPS, proxy
    • Endpoints (Defender / EDR tools)
    • Azure / AWS / GCP workloads
    • Entra ID (Azure AD), Active Directory
    • SaaS applications (M365, custom apps)
  • Configure data connectors, parsers, and normalization

2. Detection Engineering & Correlation
  • Develop and tune analytics rules using KQL
  • Build correlation use cases across multiple log sources
  • Map detections to MITRE ATT&CK techniques
  • Create custom detection scenarios based on real-world threats

3. Monitoring, Tuning & Noise Reduction
  • Fine-tune rules to reduce false positives and alert fatigue
  • Improve detection quality and signal-to-noise ratio
  • Establish baselines and behavioural patterns
  • Continuously optimize alerting logic

4. Incident Response & SOC Operations
  • Investigate and respond to security incidents
  • Perform root cause analysis and attack chain mapping
  • Support L2/L3 escalation handling
  • Define and improve incident response workflows

5. SOAR & Playbook Automation
  • Build and maintain Sentinel playbooks (Logic Apps)
  • Automate alert enrichment, notifications, and response actions
  • Integrate threat intelligence feeds (VirusTotal, etc.)
  • Reduce manual SOC effort through automation

6. Reporting & Dashboards
  • Create Sentinel dashboards and workbooks
  • Track metrics such as:
    • Alert volumes
    • MTTR
    • Detection coverage
  • Provide insights for SOC improvement

Must-Have Skills
  • Strong hands-on experience with Microsoft Sentinel (mandatory)
  • Good knowledge of KQL (Kusto Query Language)
  • Experience in log onboarding from multiple device types
  • Hands-on experience in SIEM rule tuning and false positive reduction
  • Exposure to incident response and SOC workflows
  • Experience with SOAR / Playbook automation (Logic Apps preferred)
Good to Have
  • Experience with Microsoft Defender Suite (XDR, Endpoint, O365, Cloud)
  • Knowledge of Entra ID (Azure AD) and identity security
  • Exposure to AWS / multi-cloud environments
  • Basic scripting (PowerShell / Python)
  • Understanding of MITRE ATT&CK framework
Certifications (Preferred)
  • SC-200 (Microsoft Security Operations Analyst)
  • AZ-500 (Azure Security Engineer)
Ideal Candidate Profile
  • Comes from a SOC / SIEM engineering background (not just monitoring)
  • Has worked on implementation or major tuning projects
  • Strong in problem solving and log analysis
  • Able to work with minimal supervision in a fast-paced environment