SIEM Engineering, Detection & Integration:
Develop and optimize detection rules and use cases in Azure Sentinel and Microsoft Defender for Endpoint.
Analyze security logs to identify threats and vulnerabilities, fine-tuning alerts for improved accuracy.
Write KQL queries to detect malicious activity across cloud and endpoint environments.
Incident Investigation & Response:
Provide advanced support to SOC L1/L2 teams in triaging complex security incidents.
Collaborate with the IR team to contain and remediate security threats.
Participate in proactive threat hunting to enhance detection capabilities.
Security Tools Management:
Configure and manage Defender for Endpoint, Azure Sentinel, and related security tools to improve threat detection.
Implement additional Azure security tools to enhance detection coverage.
Threat Intelligence Integration:
Integrate threat intelligence feeds to enhance detection of APTs and targeted attacks.
Stay updated on emerging threats, integrating new intelligence into detection strategies.
Collaboration & Reporting:
Collaborate with security teams to improve detection and response processes.
Document and report on detection efforts, threat analysis, and incident response activities.
Continuous Improvement:
Mentor and train SOC L1/L2 analysts on advanced detection techniques and use cases for Azure Sentinel and Microsoft Defender for Endpoint.
Share knowledge about security trends, attack vectors, and best practices within the SOC.
Copyright © 2025 All Rights Reserved by Aujas.