to lead advanced security monitoring, threat detection, and incident response using Microsoft Sentinel and the broader Microsoft Security stack. This role focuses on complex investigations, threat hunting, SIEM optimization, and mentoring L1/L2 analysts while driving continuous improvement of SOC operations.
Key Responsibilities
SIEM & Threat Detection
Design, deploy, tune, and optimize Microsoft Sentinel use cases, analytics rules, and detection logic
Develop advanced KQL queries for threat detection, investigation, and proactive hunting
Integrate diverse data sources (Azure, M365, Defender, firewalls, EDR, identity, cloud apps) into Sentinel
Reduce false positives through correlation, tuning, and behavioral analytics
Incident Response & Investigation (L3)
Lead complex security incident investigations (APT, insider threats, ransomware, cloud attacks)
Perform deep-dive forensic analysis across endpoints, identity, email, and cloud workloads
Validate, escalate, and coordinate incident response with IR teams and stakeholders
Conduct root cause analysis and recommend remediation and preventive controls
Threat Hunting & Intelligence
Perform proactive threat hunting using Microsoft Sentinel and Defender data
Leverage threat intelligence feeds and map detections to MITRE ATT&CK
Track emerging threats and translate intelligence into actionable detections
Automation & Optimization
Design and maintain SOAR playbooks using Logic Apps for automated response
Optimize SIEM performance, cost, ingestion, and data retention strategies
Create dashboards, workbooks, and executive-level security metrics
Governance, Reporting & Enablement
Create and maintain SOC runbooks, SOPs, and investigation playbooks
Provide technical mentorship and guidance to L1/L2 SOC analysts
Support audits, compliance reporting, and security posture reviews
Required Skills & Experience
Technical Skills
5+ years in SOC / SIEM / Security Operations, with L3 ownership
Strong expertise in Microsoft Sentinel and KQL
Hands-on experience with Microsoft Defender (Endpoint, Identity, Office 365, Cloud Apps)
Hands-on experience with Azure AD / Entra ID logs and security signals
Hands-on experience with Azure infrastructure and cloud security concepts
Experience integrating third-party tools (firewalls, EDR, VPN, CASB, IAM)
Solid understanding of network security, endpoint security, and cloud threats
Security Knowledge
Incident response lifecycle and digital forensics fundamentals
Threat modeling and the MITRE ATT&CK framework
Malware analysis basics and attack chain mapping
Preferred Qualifications
Microsoft certifications: SC-200 (Security Operations Analyst), AZ-500, SC-100, or equivalent
Experience in MSSP or 24x7 SOC environments
Exposure to compliance frameworks (ISO 27001, SOC 2, PCI-DSS)
Job Type: Full-time
Benefits:
Health insurance
Provident Fund
Work Location: In person