Microsoft Sentinel SME
- GSPANN
- 11 - 21 years
- Hyderabad
- 1 month ago
- Email to a friend
- Report this job
Job Description
SUMMARY
- Architect, deploy, configure, and optimize Microsoft Sentinel.
- Manage data connectors, analytics rules, UEBA, watchlists, content hub, and governance.
- Develop and tune KQL rules, correlation logic, and UEBA use cases.
- Map detection content to MITRE ATT&CK, NIST CSF, CIS, and Zero Trust frameworks
- Build and optimize Logic Apps playbooks for automated alert enrichment, response, ticketing, containment, and orchestration.
- Conduct proactive threat hunting across Sentinel, Defender XDR, and integrated telemetry sources using KQL, TI feeds, IOC matching, and behavioural analytics.
- Support Tier 2/3 investigations, perform forensics, lead containment/remediation, and create incident post-mortems.
- Integrate Sentinel with Defender Suite, ServiceNow/Jira, EDR, vulnerability scanners, IAM/IDP platforms, network security tools, and third-party APIs.
- Develop dashboards and reports for ISO 27001, SOC 2, PCI-DSS, GDPR, CCPA, NIST 800-53, HIPAA compliance.
- Implement ingestion strategies, data tiering, RBAC, retention policies, and continuous platform health management.
- Participate in co-managed SOC model, lead onboarding workshops, provide stakeholder reporting, and coach operational teams.
- Maintain detection quality, evolve rule stacks, integrate threat intel, maintain Sentinel-as-Code, and support operational maturity.
Requirements
- 7 10+ years in Cybersecurity
- Hands-on Sentinel/XDR/SOAR experience
- SOC Operations experience
- Managed SOC / MSSP / Multi-Tenant experience
- Microsoft Sentinel SIEM
- KQL Querying & Detection Engineering
- SOAR (Logic Apps Automation)
- Microsoft Defender XDR Suite (Identity, Endpoint, M365, OT/IoT optional)
- Threat Intelligence & MITRE ATT&CK alignment
- IR Frameworks (DFIR, Forensics, Playbooks, Runbooks)
- Azure Cloud Security + Entra ID
- API/REST/JSON Automation
- Infrastructure + Network Security Knowledge
- DevOps/Sentinel-as-Code (GitHub, ARM, Terraform, CI/CD
Certifications (Preferred)
- SC-200, SC-100, AZ-500
- CISSP, GCIH, GCIA, CEH, CySA+, AZ-104
- Defender, Entra ID, Azure Sentinel relevance
Job Classification
Industry: IT Services & ConsultingFunctional Area / Department: IT & Information SecurityRole Category: IT SecurityRole: Security Architect / ConsultantEmployement Type: Full timeContact Details:
Company: GSPANNLocation(s): Hyderabad
Keyskills: continuous integration soc scanning ci/cd sme siem microsoft operations devops json arm deployment sentinel cd rest github cloud security cyber security network security ir azure cloud framework servicenow compliance soar threat intelligence investigation terraform alignment
GSPANN
COMPANY PROFILE: GSPANN is a US California Bay Area based consulting services provider focused on implementations in the Enterprise Content Management, Business Intelligence & Mobile Solution initiatives. More than 90% of our current clientele are FORTUNE 1000 organizations. We specialize in str...
Job Listings
We are in open beta version of website, please let us know if any issues, at: info(at)indigojobs.in