Security Engineer - SIEM (7-12 yrs)

Job Summary :

We are seeking a highly skilled and analytical Security Engineer with a strong focus on Security Information and Event Management (SIEM) solutions, particularly Microsoft Sentinel. The ideal candidate will be responsible for designing, implementing, and managing robust security monitoring platforms, ensuring effective threat detection, incident response, and continuous improvement of our security posture. This role requires hands-on experience with log source onboarding, custom connector development, Kusto Query Language (KQL) proficiency, and a solid understanding of security frameworks within a dynamic environment.

Key Responsibilities :

- Design, implement, and maintain security information and event management SIEM solutions, with a primary focus on Microsoft Sentinel.

- Execute hands-on onboarding of diverse log sources into Microsoft Sentinel, ensuring comprehensive data ingestion for security monitoring.

- Develop and implement custom connectors for bespoke log sources, encompassing the entire process of onboarding and event parsing to normalize and enrich security data.

- Create and optimize detection rules, analytics, and playbooks within Sentinel to enhance threat detection capabilities and automate incident response.

- Perform advanced security analysis and threat hunting using Kusto Query Language KQL to identify sophisticated threats and anomalies.

- Develop and maintain automation scripts using Python or PowerShell to streamline security operations, data collection, and response actions.

- Collaborate with incident response teams to investigate security incidents, provide critical data, and support the resolution process.

- Ensure the SIEM platform adheres to security frameworks and incident response methodologies, contributing to the continuous improvement of our security posture.

- Participate in security audits and provide evidence of compliance related to logging and monitoring.

- Work within a DevOps model, applying principles of infrastructure-as-code IaC, Continuous Integration CI/CD, and managing ETL pipelines for security logs, potentially using Elastic Logstash.

- Analyze and optimize log data for efficient storage, querying, and cost-effectiveness.

Required Skills and Qualifications :

- Bachelor's degree in Computer Science, Information Security, or a related technical field.

- Experience in Sentinel or SIEM solutions.

- Hands-on experience in onboarding log sources into Microsoft Sentinel.

- Practical experience in developing custom connectors for custom log sources, including onboarding and event parsing.

- Strong understanding of security frameworks such as NIST, ISO 27001, and incident response methodologies.

- Proficiency in Kusto Query Language KQL.

- Experience with scripting languages such as Python or PowerShell.

Preferred Skills :

- SIEM migration experience.

- Working experience in an MSSP Managed Security Service Provider environment.

- Exposure and experience working in a DevOps model, especially with infrastructure-as-code IaC, CI/CD, and ETL pipelines using Elastic Logstash.

- Any experience with ASIM tables, customized Logstash/DCR rules, MSSP architecture, or log optimization.

- Microsoft Azure Security Engineer Associate or Microsoft Certified Azure Solutions Architect Expert certification.

- Familiarity with cloud security services.