Design, implement, and optimize Azure Sentinel-based security monitoring solutions across cloud and hybrid environments. Develop scalable analytics, automation, and threat detections, and integrate and onboard data sources from enterprise systems.
Job Description
Hi folks,
Please check the JD and share your updated resume to my email naresh@sapphiresoftwaresolutions.com, and ping me on WhatsApp (+91 970-529-6474) along with your resume.
Product Security Operations Engineer
1 year contract
100% Remote (Hyderabad preferred)
Experience:
3 to 7 years of experience in security engineering and security operations.
Skills:
3 years of hands-on experience with Microsoft Sentinel, KQL and Terraform.
Strong understanding of the Azure ecosystem and Azure infrastructure/platform services, including common security services (firewalls, WAF, IDPS and RBAC).
Experience building custom analytics rules, playbooks and workbooks.
Understanding of MITRE ATT&CK, incident response and security monitoring best practices.
Experience with scripting, configuration and query languages such as Python, Terraform, JSON and KQL.
The Security Operations Engineer role is responsible for designing, implementing, and optimizing Azure Sentinel-based security monitoring solutions across cloud and hybrid environments. This role focuses on building scalable analytics, automation, and threat detections, and on integrating and onboarding data sources from enterprise systems, including Azure, M365, network security tools, serverless applications, containerized resources and IoMT environments where applicable.
This role serves as the technical expert for Azure Sentinel engineering, KQL query development, security automation (SOAR), threat detection improvements, log onboarding, log ingestion optimization, and dashboard and reporting design to support a high-maturity SOC.
PRIMARY DUTIES AND RESPONSIBILITIES
Deploy, configure, and maintain Microsoft Sentinel workspaces across multiple tenants and environments.
Integrate new data sources including Azure AD, Azure platform and infrastructure services, M365, firewall logs, Azure Kubernetes Service, serverless application services, Defender for Cloud, DigiCert Trust Manager and other scanning tools (SBOM, SAST and DAST).
Implement Sentinel connectors, custom REST API connectors, and ingestion pipelines.
Develop custom KQL analytics rules, UEBA scenarios, and threat-detection use cases mapped to MITRE ATT&CK. Build threat-hunting queries and playbooks. Conduct proactive threat hunting using KQL and threat intelligence.
Tune and optimize detection rules to reduce false positives and improve the signal-to-noise ratio.
Create and maintain Microsoft Sentinel Playbooks (Logic Apps) for automated response, enrichment, and workflow orchestration.
Automate triage tasks such as threat intel lookup, user/device enrichment, blocking actions, ticket creation, and notification flows.
Work with application teams and cloud engineers to ensure structured logging and schema alignment.
Build Sentinel Notebooks (Azure ML) for advanced investigation workflows.
Build executive- and analyst-level Sentinel workbooks for KPIs, threat trends, attack surface visibility, and SOC metrics.
Develop documentation for detection logic, automation workflows, system configuration, and integration patterns.
MINIMUM QUALIFICATIONS (To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the education, experience, knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.)
Education:
Bachelor's degree in computer science, information technology, cybersecurity, or a related area.