5.0 - 10.0 years
15 - 30 Lacs
Vijayawada
Work from Office
We're Hiring: Cyber Security Analyst
Location: Vijayawada
Experience: 5-10 Years | Type: Full-Time | Industry: Cybersecurity, IT Security, Risk & Compliance

Are you passionate about protecting digital assets and staying ahead of cyber threats? Join our cybersecurity team and help defend against evolving threats while ensuring enterprise-wide security and compliance.

Role Overview:
We are seeking a Cyber Security Analyst to play a critical role in threat detection, vulnerability management, and compliance enforcement across our security infrastructure.

Key Responsibilities:
- Threat Detection & Response: Monitor security tools and logs, detect potential threats, and respond to incidents
- Vulnerability Management: Perform regular assessments, patch vulnerabilities, and enforce security standards
- Security Operations & Compliance: Operate and maintain SIEM tools, support internal/external audits, and ensure adherence to security policies

Required Skills:
- Proficiency in SIEM tools (Splunk, Microsoft Sentinel, IBM QRadar) and threat analysis techniques
- Strong understanding of network security, firewalls, antivirus, and endpoint protection
- Familiarity with compliance and risk frameworks: ISO 27001, NIST, GDPR, SOC 2
- Ability to work collaboratively in a fast-paced security operations environment

Preferred Certifications:
- CISSP – Certified Information Systems Security Professional
- CEH – Certified Ethical Hacker
Posted 2 days ago
1.0 - 4.0 years
1 - 4 Lacs
Vadodara, Gujarat, India
On-site
Internal Job Title: Global Cyber Security Analyst
Business: Lucy Electric Manufacturing & Technologies India
Location: Halol, Vadodara, Gujarat
Job Reference No: 3851

Job Purpose:
Role Description: The Global Security Analyst is responsible for the maintenance and ongoing support of all security systems, making sure they are designed and built according to best practices, ensuring monitoring and alerting is fit for purpose, and taking the lead when issues arise. The role will work closely with all aspects of Group IT, promoting IT Security across the Lucy Group.

Key Responsibilities:
- Help to lead all Lucy cyber security activities, helping to shape processes and following best practices
- Monitor and maintain current security systems
- Champion IT Security to Global IS by documenting processes and transitioning activities into various teams as required
- Be part of the Lucy Group's IT Security governance steering group
- Work with the Senior IT Management to raise the profile of IT Security
- Work on BAU activities related to security, ensuring quick resolution
- Lead on any major incidents or high-priority issues around IT Security, providing regular updates to Group IT
- Ensure documentation is current and up to date
- Work with the End User Support teams to transition and follow security processes
- Use technologies to mature the security estate, using tools such as Microsoft endpoint protection and antivirus
- Work with the Global IT Network & Security Manager to implement new technologies to help secure Lucy Group's IT estate
- Work with infrastructure and cloud operations teams to keep network, software, and applications patched and updated
- Stay up to date on IT Security to understand and counteract new threats
- Help Lucy Group achieve accreditations such as Cyber Essentials and ISO27001

Skills, Qualification and Experience:

Key Skills:
- Act always in a professional manner
- Excellent communication and collaboration skills with both internal and external stakeholders
- Ability to prioritize workloads
- Broad understanding of service management
- Ensure documentation is always up to date
- Agile mindset to adapt to changing situations
- Entrepreneurial spirit with a problem-solving mindset
- Excellent customer relations skills
- Friendly, approachable, and able to communicate with colleagues of varying IT knowledge
- Collaborative and community focused
- Friendly and positive attitude

Minimum Qualifications, Knowledge and Experience:
- 1+ years in an IT security role
- 3+ years in an IT Service Desk role
- Knowledge in security software, antivirus, SIEM, and Microsoft Sentinel
- ITIL4 Certification, or 2+ years equivalent experience in IT Service Management
- Experience with Active Directory, Windows 10+, M365, and endpoint security tools

Desirable Skills, Qualifications, and Experience:
- Certification in Cloud Security software (e.g., Antivirus, O365 endpoint protection, Microsoft Sentinel)
- Project management certification or experience in delivering projects
- Understanding of the Data Protection Act, IDS, and IPS

About Us:
Lucy Group Ltd is the parent company of all Lucy Group companies. Incorporated in 1897, Lucy Group is diversified into four business units, based on the expertise gained and developed over 200 years. Today we employ in excess of 1400 people worldwide, with property and manufacturing operations in the UK, Saudi Arabia, UAE, South Africa, Brazil, Thailand, Malaysia, and India.

Does this sound interesting? We would love to hear from you. Our application process is quick and easy. Apply today!
Posted 2 days ago
3.0 - 6.0 years
7 - 15 Lacs
Hyderabad
Remote
We are RadarRadar, experts in the commodity production, trade and processing industry. As a technology company we continuously aim to support our clients with strong data & analytics and business intelligence tools. It is our mission to enable companies to unlock the full potential of their data to improve risk and margin management and boost performance.

Awards won:
- Top 10 Trading & Risk Management Service Providers 2023 | Energy Business Review
- Technology Innovation Award 2023 | Commodities People
- Analytics Technology Leader of the Year 2023 | Commodities People
- Top Business Information Systems Company 2022 | Data Magazine

We are looking for a skilled and proactive Security Associate to join our IT team. This role is very important in ensuring the security of our cloud infrastructure. The ideal candidate will have hands-on experience in Azure security services, Windows Server security, SQL Server security, and infrastructure administration.

What you will do:
- Manage and optimize Azure Security services, including Microsoft Sentinel, Azure Monitor, Defender for Cloud, Endpoint/Server, Identity etc.
- Configure and monitor Log Analytics Workspaces and workbooks for effective threat detection and incident response.
- Create and manage virtual network configurations, private endpoint connections and other networking/firewall resources.
- Implement security best practices for Azure resources, ensuring compliance with regulatory standards, and respond to incidents.
- Manage security configurations using Azure Policy.
- Manage and secure mobile devices and applications using Microsoft Intune.
- Manage identity, access and Conditional Access policies within Azure AD.
- Apply security hardening techniques to Windows Server environments.
- Monitor and manage security baselines, patch management, and vulnerability assessments.
- Implement and maintain Group Policies, security auditing, and logging.
- Enforce SQL Server security best practices, including log management.
- Conduct regular audits and compliance checks on servers.
- Manage roles, permissions, and security configurations to protect data integrity.
- Create and manage various Azure resources (VMs, SQL Servers, Storage accounts, App services, Gateways, key vaults etc.).
- Create, manage and optimize Azure automation runbooks.
- Perform administrative tasks for SQL Server, Windows Server, and Microsoft 365 services including Intune, Entra ID, Teams, Exchange, Purview for data governance etc.
- Ensure high availability and performance of servers and services.
- Troubleshoot and resolve infrastructure-related issues promptly.
- Support backup and restore, disaster recovery, and business continuity planning.

What you will bring:
- Bachelor's degree in Computer Science, Information Technology, or a related field.
- 3+ years of experience in Azure security and infrastructure management.
- Strong knowledge of Microsoft security tools (Sentinel, Defender for Cloud, Defender for Endpoint/Server).
- Proficiency in Windows Server and SQL Server security practices.
- Experience with Microsoft 365 and Entra ID administration.
- Microsoft Certified: Azure Security Engineer Associate
- Microsoft Certified: Azure Administrator Associate
- Strong analytical and problem-solving abilities.
- Excellent communication and teamwork skills.
- Ability to manage multiple tasks and projects effectively.
- Strong attention to detail and a proactive security mindset.

What you will get:
- Remote work model
- A competitive salary and working with an amazing international team.
- An inspiring environment where you learn every day.
- Personal development plans to help you reach your personal goals.
Posted 5 days ago
4.0 - 9.0 years
18 - 33 Lacs
Bengaluru
Work from Office
- Opportunity with a Billion Dollar Canadian Multinational.
- Looking for a SOC Senior Analyst with strong technical acumen; the role offers the opportunity to significantly enhance the SOC's maturity by refining detection rules and incident response playbooks.

Required Candidate profile:
- 5+ Yrs in SOC.
- Kusto Query Language (KQL) queries
- Microsoft Sentinel's Investigation Graph
- User and Entity Behavior Analytics (UEBA) insights
- Microsoft Defender XDR suite
- SC-200 Certification.
Posted 1 week ago
4.0 - 9.0 years
7 - 17 Lacs
Kochi
Hybrid
Key Responsibilities:
- Act as an escalation point for high/critical severity incidents and perform thorough investigations.
- Analyze TTPs (Tools, Techniques, and Procedures) to identify attack vectors and lifecycle stages.
- Recommend improvements to security controls and organizational security hygiene.
- Conduct threat hunting and IOC/APT detection through advanced log analysis.
- Collaborate with clients' security teams and internal teams for incident resolution and documentation.
- Identify process gaps and propose enhancements for the incident response lifecycle.
- Create, maintain, and improve runbooks, playbooks, and incident response processes.
- Actively participate in war room discussions, executive briefings, and team meetings.

Must-Have Skills:
- Minimum 3+ years of experience as a SOC L3 Analyst in a global SOC environment.
- Hands-on experience with SIEM tools such as Microsoft Sentinel, including rule writing in KQL and Use Case development.
- Strong incident response skills and experience writing response procedures and playbooks.
- Expertise in advanced threat detection, forensic investigation, and root cause analysis.
- Knowledge of threat hunting techniques and familiarity with attacker TTPs and the MITRE ATT&CK framework.
- Experience with security monitoring, log analysis, and network traffic inspection.
- Ability to resolve and escalate incidents and provide detailed post-mortem analyses.
- Excellent communication and documentation skills for cross-functional collaboration.

Good-to-Have Skills:
- Familiarity with Use Case Factory and Managed Detection & Response (MDR) operations.
- Exposure to various security tools, including EDRs, vulnerability scanners, and SOAR platforms.
- Experience in training junior analysts and creating knowledge-sharing materials.
- Prior experience working in global customer / MSSP environments with multiple customers.
Posted 1 week ago
5.0 - 10.0 years
0 - 1 Lacs
Hyderabad
Hybrid
Job Title: Cyber Security Engineer
Location: Hyderabad
Industry: Payment Card Processing / Fintech

About the Role:
We are looking for skilled Cyber Security Engineers. You will be part of a global security landscape, helping enhance threat detection capabilities and ensure compliance readiness through active management and fine-tuning of SIEM systems and security tools.

Key Responsibilities:
- Manage and fine-tune SIEM tools, primarily Microsoft Sentinel and Wazuh
- Ingest, analyze, and correlate logs from tools such as CyberArk, JumpCloud, Encore, and other core platforms
- Update and optimize alert rules and detection logic to reduce false positives and improve threat visibility
- Assist in maintaining and managing the CyberArk PAM environment
- Collaborate with internal security teams and interface with audit teams to fulfill compliance obligations
- Support threat monitoring, detection, and initial incident triage activities across regions
- Provide technical input on security configurations and enhancements based on evolving threat and compliance needs
- Contribute to documentation and compliance reporting as required
- Help with penetration testing of all applications and coordinate with stakeholders to remediate the gaps.

Key Requirements:
- 5–6 years of experience in Cybersecurity Engineering, SOC, or SIEM operations
- Hands-on experience with Microsoft Sentinel and/or Wazuh SIEM
- Familiarity with CyberArk or similar PAM solutions
- Proficiency in managing log ingestion pipelines and rule configuration
- Strong understanding of threat detection, incident response, and log correlation techniques
- Ability to work across teams and communicate effectively with audit/compliance stakeholders
- Experience working in a regulated environment (e.g., fintech, payment systems, banking) is a strong plus

Nice to Have:
- Experience with compliance frameworks like PCI DSS, ISO 27001, or SOC 2
- Familiarity with scripting or automation for security rule tuning
- Exposure to cloud-native security tools (Azure, GCP, etc.)
Posted 1 week ago
4.0 - 9.0 years
2 - 13 Lacs
Pune, Maharashtra, India
On-site
- Manage the day-to-day operations of Microsoft Sentinel, including rule creation, log ingestion, data analytics, and alert triaging
- Develop and tune detection rules, use cases, and analytics within Sentinel to improve threat visibility and detection capabilities
- Leverage Wiz Defend to detect and respond to runtime threats across cloud workloads and Kubernetes environments in real time
- Continuously monitor and investigate alerts generated by Wiz Defend to enhance threat detection, triage, and incident response capabilities
- Perform proactive threat hunting to identify and mitigate advanced threats
- Conduct in-depth incident investigations and coordinate response efforts to ensure swift remediation
- Collaborate with internal stakeholders and the Threat Intelligence team to identify and mitigate potential security threats
- Generate reports and dashboards to communicate SOC performance metrics and security posture to leadership
- Continuously improve SOC processes and playbooks to streamline operations and response efforts
- Mentor junior SOC analysts and provide guidance on security best practices
- This role requires participation in a rotational shift
- Flexibility and availability to respond to urgent incidents outside of assigned shifts, as needed

What you'll bring:
- Strong analytical and problem-solving abilities
- Excellent communication and interpersonal skills to effectively collaborate with cross-functional teams
- Proven ability to remain calm and efficient in a high-pressure environment
- Proficient in using SIEM tools, such as Microsoft Sentinel
- Experience with data migration strategies across SIEM platforms
- Experience with Cloud Security Operations and Incident Response platforms such as Wiz
- In-depth understanding of cyber threats, vulnerabilities, and attack vectors
- Proficient in creating KQL queries and custom alerts within Microsoft Sentinel
- Expertise in developing SIEM use cases and detection rules
- Skilled in incident response and management procedures
- Experienced in conducting deep-dive investigations and root cause analysis for incidents
- Adept at collaborating with stakeholders to resolve complex cybersecurity challenges
- Ability to automate routine SOC processes to enhance operational efficiency
- Experienced in mentoring and guiding junior analysts in security operations
- Knowledge of major cloud platforms (AWS, Azure, GCP), including their security models, IAM roles, virtual private cloud (VPC) configurations, and cloud-native security tools

Good to have skills and abilities:
- Excellent interpersonal (self-motivational, organizational, personal project management) skills
- Knowledge of vulnerability management and scanning best practices such as the CVE database and CVSS
- Ability to analyze cyber threats to develop actionable intelligence
- Skill in using data visualization tools to convey complex security information

Academic Qualifications:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience)
- 4+ years of experience in a Security Operations Center (SOC) environment, with a focus on SIEM management
- Strong hands-on experience with Microsoft Sentinel, including data connectors, KQL queries, analytics rules, and workbooks
- Experience with SIEM migration
- Expertise in incident response, threat detection, and security monitoring
- Solid understanding of Windows, Linux, and cloud security concepts
- Relevant certifications (e.g., CompTIA Security+, Microsoft Certified: Security Operations Analyst, GCIA, GCIH, OSDA, GCFA) are preferred
- Preferred Security Cloud Certifications: AWS Security Specialty
Posted 1 week ago
1.0 - 6.0 years
8 - 15 Lacs
Kochi
Work from Office
- CompTIA Security+
- Microsoft SC-900
- Basic QRadar/Sentinel/LinkShadow/Darktrace training
Posted 2 weeks ago
2.0 - 5.0 years
6 - 9 Lacs
Kochi
Work from Office
Investigate, hunt, and lead escalated incident response using advanced threat detection from SIEM, EDR, and NDR platforms. Develop and manage custom detection use cases aligned to threat frameworks and customer environments.

Key Responsibilities:

Monitoring, Investigation & Triage
- Triage and correlate alerts from SIEM (QRadar/Sentinel), EDR, and NDR
- Identify lateral movement, C2 activity, and data exfiltration
- Lead incident investigations and initiate containment measures

Threat Hunting & Detection Engineering
- Proactive hunting using logs, flow data, and behavior analytics
- Apply MITRE ATT&CK for hypothesis-driven hunts
- Develop, test, and optimize custom detection rules
- Maintain a backlog aligned with emerging threats

Tool Proficiency
- SIEM: Advanced KQL/AQL queries, rule tuning, alert optimization
- EDR: Defender for Endpoint binary/process analysis, endpoint containment
- NDR: Darktrace/LinkShadow behavioral baselining, detection logic
- SOAR: Sentinel Playbooks / Cortex XSOAR for automated workflows
- Cloud Security: Azure AD alerts, MCAS, Defender for Cloud, M365 Defender

Threat Intelligence Integration
- IOC/TTP enrichment
- Threat intel feed integration
- Contextual alert correlation

Reporting & RCA
- Draft technical incident reports and RCAs
- Executive-level summaries for major incidents

Cloud Security (Optional):
- Investigate alerts like impossible travel and app consent abuse
- Respond to cloud-native security incidents using Defender for Cloud, MCAS
- Create advanced SOAR workflows and playbooks

Tool Familiarity:
- QRadar
- Microsoft Sentinel
- Microsoft Defender for Endpoint
- LinkShadow or Darktrace
- EOP/Exchange protection
- Antivirus platforms
- Defender for Identity / Defender for Cloud
- Advanced SOAR workflows (Sentinel playbooks / Cortex XSOAR)
- Network forensic tools like Wireshark / Zeek

Certifications (Preferred):
- GCIH / GCIA / CEH
- Microsoft SC-200 / SC-100
- QRadar Admin or equivalent

Shift Readiness: 24x7 rotational shifts, including on-call support for escalations and major incidents

Soft Skills:
- Strong analytical and documentation skills
- Proactive communicator
- Independent problem-solver and critical thinker
Posted 3 weeks ago
0.0 - 2.0 years
3 - 4 Lacs
Kochi
Work from Office
As an L1 SOC Analyst, you will be responsible for monitoring alerts and triaging basic security events from SIEM, EDR, and NDR platforms. Your role includes identifying suspicious activities, escalating incidents as per defined SOPs, and supporting the security operations team in daily monitoring tasks.

Key Responsibilities:
- Monitor alerts from SIEM (QRadar, Microsoft Sentinel), EDR (Microsoft Defender for Endpoint), and NDR (LinkShadow/Darktrace) platforms
- Triage basic security events and validate incidents using established playbooks
- Escalate potential threats to L2 analysts based on severity and context
- Review and respond to AV/EDR alerts and execute predefined security queries
- Log incidents, document actions, and maintain the ticketing system with accurate updates
- Enrich alerts with known threat intelligence and IOCs (IP, domain, file hashes)
- Support incident response efforts for phishing, malware, brute-force attacks, etc.
- Collaborate with team members and shift leads to ensure 24x7 monitoring coverage

Tool Experience (Preferred):
- SIEM Tools: Basic use of QRadar and Microsoft Sentinel
- EDR/XDR: Microsoft Defender for Endpoint, Antivirus consoles
- NDR: LinkShadow or Darktrace (basic familiarity)
- Other Tools: Microsoft Exchange Online Protection (EOP), Azure AD Sign-In Logs (optional)

Certifications (Preferred):
- CompTIA Security+
- Microsoft SC-900

Shift Readiness: This role requires flexibility to work in 24x7 rotational shifts, including nights, weekends, and holidays.

Required Skills:
- Understanding of basic cybersecurity concepts
- Familiarity with security alert triage and incident logging
- Basic knowledge of Indicators of Compromise (IOCs)
- Fast learner with strong attention to detail
- Effective communicator and team player
Posted 3 weeks ago
3.0 - 8.0 years
10 - 20 Lacs
Hyderabad, Bengaluru, Delhi / NCR
Hybrid
Job Summary:
We are looking for a skilled Microsoft Sentinel SIEM Engineer to join our Cybersecurity Operations team. The ideal candidate will be responsible for the deployment, configuration, integration, and operational support of Microsoft Sentinel as a core SIEM platform, ensuring efficient threat detection, incident response, and security monitoring.

Key Responsibilities:
- Design, implement, and manage Microsoft Sentinel for enterprise security monitoring.
- Develop and maintain analytic rules (KQL-based) and detection use cases aligned with MITRE ATT&CK.
- Integrate various log sources (on-prem and cloud) including Microsoft 365, Azure, AWS, endpoints, firewalls, etc.
- Create and manage playbooks using Azure Logic Apps for automated incident response.
- Monitor data connectors and ensure log ingestion health and optimization.
- Conduct threat hunting and deep-dive analysis using Kusto Query Language (KQL).
- Optimize performance, cost, and retention policies in Sentinel and the Log Analytics workspace.
- Collaborate with SOC analysts, incident responders, and threat intelligence teams.
- Participate in use case development, testing, and fine-tuning of alert rules to reduce false positives.
- Support compliance and audit requirements by producing relevant reports and documentation.

Required Skills & Qualifications:
- 3+ years of experience working with Microsoft Sentinel SIEM.
- Strong hands-on experience with KQL (Kusto Query Language).
- Solid understanding of log ingestion from different sources including Azure, O365, Defender, firewalls, and servers.
- Experience with Azure Logic Apps for playbook creation and automation.
- Familiarity with incident response workflows and threat detection methodologies.
- Knowledge of security frameworks such as MITRE ATT&CK, NIST, or ISO 27001.
- Microsoft certifications such as SC-200 (Microsoft Security Operations Analyst) or AZ-500 are preferred.

Good to Have:
- Experience with Defender for Endpoint, Defender for Cloud, Microsoft Purview.
- Knowledge of other SIEM platforms (e.g., Splunk, QRadar) for hybrid environments.
- Scripting experience (PowerShell, Python) for automation and integration.

Certifications (Preferred but not mandatory):
- SC-200: Microsoft Security Operations Analyst
- AZ-500: Microsoft Azure Security Technologies
- CEH, CompTIA Security+, or equivalent
Posted 3 weeks ago
7.0 - 10.0 years
11 - 13 Lacs
Bengaluru
Work from Office
Job Title: Lead SOC Analyst (Microsoft Sentinel Specialist)
Location: Bangalore (Work from Office)
Department: Security Operations Center (SOC)
Reports To: SOC Manager / Head of Security Operations

Job Summary:
We are seeking a highly skilled and experienced Lead SOC Analyst with deep expertise in Microsoft Sentinel to join our Security Operations Center. The ideal candidate will be responsible for leading threat detection, incident response, and proactive threat hunting activities, with a primary focus on leveraging Microsoft Sentinel and its associated Microsoft Defender XDR ecosystem.

Key Responsibilities:
- Lead day-to-day SOC operations, ensuring timely detection, triage, analysis, and response to security incidents.
- Design, develop, and fine-tune Microsoft Sentinel analytics rules (KQL), workbooks, playbooks (Logic Apps), and automation rules.
- Oversee and improve threat detection use cases, MITRE ATT&CK coverage, and alert tuning in Microsoft Sentinel.
- Correlate events from Microsoft Defender for Endpoint, Defender for Identity, Defender for Office 365, and Defender for Cloud to drive enriched detections.
- Perform proactive threat hunting using Sentinel and other available tools.
- Guide and mentor SOC Analysts (L1/L2), provide technical escalation support, and help develop their technical capabilities.
- Lead or participate in incident response efforts, including forensic investigation and root cause analysis.
- Maintain and update SOC documentation, playbooks, and SOPs.
- Collaborate with internal teams and customers to provide insights, reports, and continuous improvements.
- Stay updated on the latest cyber threats, vulnerabilities, and Microsoft security product enhancements.

Required Skills & Experience:
- 5+ years of experience in cybersecurity, with at least 2 years of hands-on experience with Microsoft Sentinel.
- Strong command of Kusto Query Language (KQL).
- Experience with the Microsoft Defender suite (MDE, MDI, MDO, MDC) and integration with Sentinel.
- Solid understanding of SIEM/SOAR concepts, threat detection, incident response, and threat hunting.
- Familiarity with the MITRE ATT&CK framework and NIST/ISO incident response processes.
- Experience with Azure Logic Apps and automation in Sentinel is a plus.
- Hands-on experience in handling advanced persistent threats (APT), phishing campaigns, lateral movement, and data exfiltration incidents.

Preferred Certifications (one or more):
- Microsoft Certified: Security Operations Analyst Associate (SC-200)
- Certified SOC Analyst (CSA)

Soft Skills:
- Strong communication and leadership skills.
- Ability to manage priorities and multitask effectively in a high-pressure environment.
- Analytical and detail-oriented with a proactive mindset.
Posted 1 month ago
6.0 - 11.0 years
7 - 17 Lacs
Chennai
Work from Office
Roles and responsibilities:

Design & Implementation:
- Understand the customer requirement; architect, design and implement scalable SIEM solutions.
- Develop design documentation (HLD and LLD).
- Install SIEM components and configure the SIEM platform as per best practices.

SIEM Operations:
- Lead log source onboarding activities.
- Develop / tune parsers to normalize raw logs sent to the SIEM solution.
- Create reporting templates to meet customer requirements.
- Configuration management.
- User management activities.
- Build integrations with upstream and downstream applications for orchestration and automation of security responses.
- Platform troubleshooting activities / work with the OEM to fix product-level issues.
- Health monitoring.

Use case Management:
- Collaborate with key stakeholders at the customer side as well as the SOC team to develop use cases to detect cyber threats.
- Develop rules / parsers / reference data / analytics to implement the use cases in the SIEM platform.
- Continuous use case development, testing and tuning to ensure detection logic is relevant and the false positive rate is reduced.

Preferred Qualifications:
- 6+ years of experience deploying and managing large SIEM deployments for enterprise customers or managing MSSP platforms.
- Preferred SIEM experience: Microsoft Sentinel & IBM QRadar
- Experience working in SOC analysis / incident response teams.
- Strong understanding of cybersecurity technologies, protocols, and applications.
- Strong knowledge of the MITRE ATT&CK framework and expertise in developing detections based on the framework.
- QRadar administration / deployment professional certifications, Microsoft Sentinel certifications.
Posted 1 month ago
3 - 6 years
6 - 9 Lacs
Hyderabad, Bengaluru, Delhi / NCR
Hybrid
Your key responsibilities:
- Architecting and implementing cloud security monitoring platforms (MS Sentinel).
- Provide consulting to customers during the testing, evaluation, pilot, production, and training phases to ensure a successful deployment.
- Perform as the subject matter expert on Cloud Security solutions for the customer; use the capabilities of the solution in the daily operational work for the end customer.
- Securing overall cloud environments by applying cybersecurity tools and best practices.
- Advise customers on best practices and use cases on how to use this solution to achieve customer end-state requirements.
- Content development, which includes developing processes for automated security event monitoring and alerting along with corresponding event response plans for systems.

Skills and attributes for success:
- Customer service oriented: meets commitments to customers; seeks feedback from customers to identify improvement opportunities.
- Expertise in content management in MS Sentinel.
- Good knowledge in threat modelling.
- Experience in creating use cases under the Cyber Kill Chain and MITRE ATT&CK framework.
- Expertise in integrating critical devices/applications, including unsupported (in-house built) ones, by creating custom parsers.
- Experience/expertise on Sentinel in the following areas:
  - Develop a migration plan from Splunk/QRadar/LogRhythm to MS Sentinel
  - Deep understanding of how to implement best practices for designing and securing the Azure platform
  - Experience advising on Microsoft Cloud Security capabilities across the Azure platform
  - Configure data ingestion types and connectors
  - Analytic design and configuration of the events and logs being ingested
  - Develop, automate, and orchestrate tasks (playbooks) with Logic Apps based on certain events
  - Configure Sentinel Incidents, Workbooks, Hunt queries, Notebooks
- Experience in other cloud-native security platforms like AWS and GCP is a plus.
- Scripting knowledge (Python, Bash, PowerShell).
- Extensive knowledge of different security threats.
- Good knowledge and experience in Security Monitoring.
- Good knowledge and experience in Cyber Incident Response.

To qualify for the role, you must have:
- B. Tech./ B.E. with sound technical skills
- Strong command of verbal and written English.
- Demonstrated technical acumen and critical thinking abilities.
- Strong interpersonal and presentation skills.
- Certification in Azure (any other cloud vendor certification is a plus)
Posted 1 month ago
7 - 12 years
17 - 27 Lacs
Gurugram
Work from Office
Your potential, unleashed. Indias impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realise your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks. Your work profile. Reporting to the Director of SOC Engineering, a Sentinel is primarily responsible for the build development and maintenance of the Sentinel SIEM. The engineer will participate in installing, configuring, and maintaining Microsoft Sentinel; design and develop detections; implement operational and technical security controls; and adhere to organisational security policies and procedures. About the team The engineering team provides a number of services to internal and external stakeholders including: Working on onboarding new clients to the service on the Microsoft Sentinel SIEM platform Working closely with a large SOC to maintain adequate connectors and analytics. Working with clients for the development of new detections bespoke to client use cases, threats and environments. Assist on internal SOC quality of life or process improvement projects. As part of a small team you will experience diverse days, find yourself hands on building and developing as well as handling client tickets or SOC queries. 
Engineering
Analyze and define data requirements and specifications.
Oversee data system performance, capacity, availability, serviceability, and recoverability.
Analyze and plan for anticipated changes in data capacity requirements.
Install, configure and support data system components.
Raise, manage and close vendor support cases.
Develop and facilitate data-gathering methods.
Manage the compilation, cataloguing, caching, distribution, and retrieval of data.
Provide a managed flow of relevant information to represent data in creative formats.
Be part of the Data and Security Engineering escalation roster for critical alerts.

Data Analysis
Analyze data sources to provide actionable recommendations and strategic insights.
Assess the validity of source data and subsequent findings.
Conduct hypothesis testing using statistical processes.
Develop strategic insights from large data sets.
Develop data standards, policies, and procedures.

Client facing
Interface with customers to address concerns, issues, or escalations; track and drive to closure any issues that impact the service and its value to clients.
Work with product owners to onboard additional data sources.
Present technical information to technical and non-technical audiences.

Professional Experience
Experience working with Microsoft Sentinel.
Experience writing SIEM queries, constructing alert logic, and building dashboards.
Experience integrating custom log sources into Microsoft Sentinel.
An understanding of the information technology marketplace, including modern security operations and Digital Forensics/Incident Response.
A high level of flexibility and resourcefulness, with the ability to adapt to change and challenges.
Experience communicating with a high level of professionalism.
Previous technical experience owning and delivering complex, technical bodies of work.
Evidence of working with or in the Enterprise market.
A demonstrable track record of success.
Ideally, experience working in or with a cyber security team.
Ideally, experience working with Endpoint Detection and Response products such as Microsoft Defender ATP.

How you'll grow
Connect for impact
Our exceptional team of professionals across the globe are solving some of the world's most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report.

Empower to lead
You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership.

Inclusion for all
At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters.

Drive your career
At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one-size-fits-all career path, and global, cross-business mobility and up/re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte.

Everyone's welcome: entrust your happiness to us
Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here's a glimpse of things that are in store for you.

Interview tips
We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable.
To help you with your interview, we suggest that you do your research and know some background about the organisation and the business area you're applying to. Check out recruiting tips from Deloitte professionals.

Caution against fraudulent job offers: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution.
Posted 1 month ago