Microsoft Sentinel Cybersecurity Engineer

Post Date

Apr 22, 2024

Location

Rahway, New Jersey

ZIP/Postal Code

07065
US
Jul 15, 2024 Insight Global

Job Type

Contract-to-perm

Category

Security Engineering

Req #

NNJ-699129

Pay Rate

$48 - $72 (hourly estimate)

Job Description

As a Microsoft Sentinel Cybersecurity Engineer, you will be an integral part of our IT Cyber Defense and Analytics team. Your primary responsibility will be to design, develop, and maintain SIEM content and automation rules within Microsoft Sentinel. You'll collaborate closely with threat analysts, incident responders, and other security professionals to enhance the company's threat detection capabilities and streamline incident response processes.



Key Responsibilities:

1. SIEM Content Development:

* Create custom analytical rules, queries, and playbooks in Microsoft Sentinel.

* Develop content to detect and respond to security incidents, including threat hunting and anomaly detection.

* Collaborate with threat intelligence teams to incorporate relevant indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs).

2. Automation and Orchestration:

* Design and implement automation workflows using Azure Logic Apps or similar tools.

* Automate incident triage, enrichment, and response actions.

* Integrate threat intelligence feeds and automate threat indicator enrichment.

3. Data Enrichment and Correlation:

* Enhance data sources by enriching raw logs with contextual information.

* Correlate events across different data streams to identify complex attack patterns.

* Optimize data ingestion and normalization processes.

4. Incident Response Enhancement:

* Work closely with the Cyber Fusion Center to improve incident response capabilities.

* Develop and maintain incident response playbooks.

* Participate in incident handling and provide technical expertise during security incidents.

5. Continuous Improvement:

* Stay informed about emerging threats, vulnerabilities, and security technologies.

* Evaluate new features and capabilities in Microsoft Sentinel and recommend enhancements.

* Contribute to the overall security posture of the organization.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.

To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/ .

Required Skills & Experience

* Minimum 3+ years of experience in SIEM engineering, with a focus on Microsoft Sentinel.

* Proficiency in building custom analytical rules and automating processes through Azure Logic Apps.

* Proficiency with Azure Logic Apps or similar workflow automation tools.

* Proficiency in writing custom KQL (Kusto Query Language) queries for threat detection.

* Bachelor's degree in Cybersecurity, Information Security, Computer Science, or related field.

* Strong problem-solving skills and ability to manage complex security workflows.

* Familiarity with threat intelligence sources and security best practices.

Nice to Have Skills & Experience

* Microsoft Certified: Azure Sentinel Associate

* CompTIA Security+

* Certified Information Systems Security Professional (CISSP)

Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.