Infra Security SME//SOC SME

Posted Today by iXceed Solutions

Negotiable
Coventry, Warwickshire, UK

Summary: The Infra Security SME/SOC SME role requires over 10 years of experience in cybersecurity, focusing on the design and implementation of security measures, including endpoint security and network security. The position involves configuring security systems, deploying agents, and integrating threat intelligence to enhance security monitoring and incident response. Candidates will lead the deployment of Microsoft Sentinel across global environments and develop custom analytics for threat detection. Strong documentation and reporting skills are essential for this role.

Key Responsibilities:

  • Configure and ensure availability of required logs into Sentinel (such as EDR, Qualys, firewalls, etc.)
  • EDR Deployment Planning: Assess the lab infrastructure and endpoints to determine deployment scope and strategy.
  • Plan for agent installation, network requirements, and compatibility with existing systems.
  • Deploy Falcon agents on chosen relevant endpoints
  • Tune settings to minimize false positives while maintaining strong security posture
  • Work with SOC consultant to configure alert rules and incident response workflows in Sentinel based on CrowdStrike telemetry
  • Simulate endpoint threats to validate EDR detection and SIEM alerting.
  • Test CrowdStrike's performance against the OT security visibility and threat protection use cases.
  • Set up data connectors between CrowdStrike and Sentinel using APIs or native integrations.
  • Documentation & reporting: Document deployment steps, configurations and integration details.
  • Lead Sentinel Deployment for OT SOC: Architect and implement Microsoft Sentinel across global OT environments to centralize security monitoring and incident response.
  • Log Source Integration: Configure and onboard diverse log sources, including Nozomi Networks, firewalls, EDR (e.g., Defender for Endpoint), VMDR (e.g., Qualys), and other OT/IT systems, into Sentinel.
  • Custom Analytics & Detection Rules: Develop and fine-tune KQL-based analytics rules tailored to OT threat scenarios, ensuring high-fidelity alerts and minimal false positives.
  • Threat Intelligence Integration: Integrate threat intelligence feeds into Sentinel to enhance detection capabilities and contextualize alerts within the OT landscape.
  • Incident Response Automation: Design and implement playbooks using Logic Apps to automate incident response workflows for common OT security events.
  • Execution of the use cases on SIEM, SOAR & Threat Intelligence
  • Build custom workbooks and dashboards to visualize OT security posture, threat trends, and SOC performance metrics.

Key Skills:

  • 10+ years of experience in Cybersecurity
  • Expertise in Security Agent design and implementation
  • Experience with EDR, SIEM, SOAR, and Threat Intelligence
  • Proficient in Microsoft Sentinel and KQL
  • Strong understanding of network security and incident response
  • Ability to document and report on security configurations and deployments

Salary (Rate): undetermined

City: Coventry

Country: UK

Working Arrangements: undetermined

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Infra Security SME:

Role: 10+ years of experience in cyber security, covering design and implementation of security agents, development, security agent migration, physical security exploitation and design flaw remediation, and endpoint security.

Key Responsibilities:

  • Configure and ensure availability of required logs into Sentinel (such as EDR, Qualys, firewalls, etc.)
  • EDR Deployment Planning: Assess the lab infrastructure and endpoints to determine deployment scope and strategy.
  • Plan for agent installation, network requirements, and compatibility with existing systems.
  • Deploy Falcon agents on chosen relevant endpoints
  • Tune settings to minimize false positives while maintaining strong security posture
  • Work with SOC consultant to configure alert rules and incident response workflows in Sentinel based on CrowdStrike telemetry
  • Simulate endpoint threats to validate EDR detection and SIEM alerting.
  • Test CrowdStrike's performance against the OT security visibility and threat protection use cases.
  • Set up data connectors between CrowdStrike and Sentinel using APIs or native integrations.
  • Documentation & reporting: Document deployment steps, configurations and integration details.

SOC SME:

Role: 10+ years of experience in cyber security, covering design and implementation of network security, SIEM, SOAR and threat intelligence.

Key Responsibilities:

  • Lead Sentinel Deployment for OT SOC: Architect and implement Microsoft Sentinel across global OT environments to centralize security monitoring and incident response.
  • Log Source Integration: Configure and onboard diverse log sources, including Nozomi Networks, firewalls, EDR (e.g., Defender for Endpoint), VMDR (e.g., Qualys), and other OT/IT systems, into Sentinel.
  • Custom Analytics & Detection Rules: Develop and fine-tune KQL-based analytics rules tailored to OT threat scenarios, ensuring high-fidelity alerts and minimal false positives.
  • Threat Intelligence Integration: Integrate threat intelligence feeds into Sentinel to enhance detection capabilities and contextualize alerts within the OT landscape.
  • Incident Response Automation: Design and implement playbooks using Logic Apps to automate incident response workflows for common OT security events.
  • Execution of the use cases on SIEM, SOAR & Threat Intelligence
  • Build custom workbooks and dashboards to visualize OT security posture, threat trends, and SOC performance metrics.