professional is responsible for advanced monitoring, analysis, and response to security incidents using Microsoft Sentinel and the Microsoft security ecosystem. This role focuses on incident triage, investigation, threat detection tuning, and supporting continuous improvement of SOC operations.
Key Responsibilities
Security Monitoring & Incident Response
Monitor security alerts and incidents using Microsoft Sentinel.
Perform L2 triage and investigation of security events and escalated alerts.
Analyze logs from Azure, M365, Defender XDR, Entra ID, endpoints, and network devices.
Identify false positives and fine-tune detection rules.
Contain, mitigate, and remediate security incidents in coordination with L3 and IR teams.
Threat Detection & Use Case Management
Develop, tune, and optimize Sentinel analytics rules and detections.
Write and modify KQL (Kusto Query Language) queries for threat hunting.
Implement and maintain SIEM use cases aligned with MITRE ATT&CK.
Support proactive threat hunting and anomaly detection activities.
Integration & Log Management
Onboard and maintain log sources in Microsoft Sentinel.
Ensure proper data ingestion, normalization, and retention.
Validate log completeness and troubleshoot ingestion issues.
Optimize data usage to balance visibility and cost.
Automation & SOAR
Configure and manage Logic Apps playbooks for automated response.
Support incident enrichment and response automation.
Assist in improving SOC efficiency through workflow automation.
Reporting & Documentation
Prepare incident reports, root cause analysis (RCA), and lessons learned.
Maintain SOPs, runbooks, and escalation procedures.
Provide input for SOC metrics, dashboards, and compliance reporting.
Collaboration & Escalation
Act as an escalation point for L1 analysts.
Coordinate with IT, Cloud, Network, and Endpoint teams.
Escalate complex or high-severity incidents to L3 and IR teams.
Required Skills & Qualifications
Technical Skills
Strong hands-on experience with Microsoft Sentinel.
Good knowledge of Microsoft Defender XDR (Endpoint, Identity, Office 365, Cloud Apps).
Proficiency in KQL (Kusto Query Language).
Understanding of Azure AD / Entra ID, Azure infrastructure, and M365.
Solid fundamentals of network security, endpoint security, and log analysis.
Experience mapping detections to the MITRE ATT&CK framework.
Security Knowledge
Familiarity with attack techniques such as phishing, malware, lateral movement, and privilege escalation.
Understanding of SOC processes, incident lifecycle, and IR best practices.
Basic knowledge of threat intelligence feeds and indicators (IOCs).