Microsoft Security (Sentinel) Automation & Detection Engineer

Posted Today by Hays

Negotiable
Undetermined
Undetermined
Cambridge

Summary: The Microsoft Security (Sentinel) Automation & Detection Engineer will leverage expertise in security operations and incident response to deliver Microsoft SIEM detections and security automations. The role requires proficiency in automation tools and experience with integrating security tools and APIs. The successful candidate will lead the technical migration of log sources into Microsoft Sentinel and enhance the Cyber Defence Operation's efficiency through automation. Collaboration with various teams to improve operational processes is also a key aspect of the position.

Key Responsibilities:

  • Lead technical migration of log sources into Microsoft Sentinel SIEM.
  • Build security automations, logging, and SIEM detections to improve the Cyber Defence Operation’s efficiency, scalability, and incident response capabilities.
  • Design, implement, and maintain automated workflows and playbooks to streamline Cyber Defence Operation (CDO) processes, including incident response, threat hunting, cyber threat intelligence, and vulnerability management.
  • Collaborate with Cyber Defence Operation analysts to identify repetitive tasks and automate them to improve operational efficiency.
  • Collaborate with Threat Intelligence, Incident Response, and Attack Surface Management to build and tune robust SIEM detections for both proactive and reactive response actions.
  • Continuously evaluate automation solutions for performance, reliability, and scalability, making improvements as necessary.
  • Collaborate with third-party vendors and service providers to leverage automation opportunities and ensure successful integrations.

Key Skills:

  • Proficient in automation and orchestration tools (e.g., SOAR platforms) and in scripting and query languages such as Python, PowerShell, and KQL.
  • Experience with managing and implementing Microsoft Sentinel log sources and detection.
  • Hands-on experience with Sentinel Content Hub, Sentinel Analytics, Sentinel Automation, Azure Event Hub, Azure Logic Apps, and Azure Function Apps.
  • Demonstrated ability in cybersecurity with at least 5 years in a technical role in security operations and/or security software development.
  • Solid understanding of security operations, automation standard processes, detection engineering, and SIEM management.
  • Experience with cloud security tools and platforms and their integration into SOC operations.
  • Vendor-specific certifications for Security orchestration, automation, and response (SOAR) platforms (desirable).
  • Ability to develop and implement long-term automation strategies aligned with security operation objectives (desirable).
  • Meticulous focus on ensuring accuracy, reliability, and security in automation workflows (desirable).

Salary (Rate): undetermined

City: Cambridge

Country: undetermined

Working Arrangements: undetermined

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT