Security Operations Lead – Sentinel & Automation

About The Position

Requirements

• 5+ years of experience in security operations, SIEM engineering, or security monitoring with hands-on responsibility for Microsoft security technologies.
• Proven experience implementing and tuning Microsoft Sentinel detections, investigations, dashboards, and automation playbooks in enterprise environments.
• Experience integrating Defender XDR, identity, endpoint, email, and cloud telemetry to support unified detection and response workflows.
• Demonstrated delivery of automation initiatives using Logic Apps, PowerShell, Python, or Azure Automation to reduce manual effort and improve response speed.
• Experience working with cross-functional teams, documenting processes, supporting audits, and reporting operational performance to technical and leadership stakeholders.
• Strong knowledge of Microsoft Sentinel architecture, analytics rules, workbooks, KQL, data connectors, and log normalization practices.
• Good understanding of Defender XDR, Microsoft 365 security, Entra ID, Azure security services, and hybrid cloud security operations.
• Knowledge of SOAR design patterns, Logic Apps, Azure Automation, scripting, API integrations, and secure credential handling.
• Familiarity with incident response lifecycle, threat detection engineering, vulnerability management, and patch/configuration control frameworks such as CIS and NIST.
• Understanding of governance, testing, change control, documentation standards, and KPI-based service performance measurement.

Responsibilities

• Design and implement Microsoft Sentinel as the primary SIEM platform, including data ingestion, normalization, and retention strategies.
• Develop advanced detection content including analytics rules, hunting queries, workbooks, and threat models.
• Integrate and manage XDR across endpoints, identity, cloud apps, and email to provide unified threat visibility and response.
• Lead MCP integration by connecting Microsoft Copilot for Security with Sentinel, SOAR, and cloud services to surface AI-driven insights.
• Operationalize AI workflows for triage, enrichment, and investigation across Azure, M365, and hybrid environments.
• Define guardrails for AI-assisted actions and ensure explainability and auditability of automated decisions.
• Build and maintain playbooks using Logic Apps, Azure Automation, PowerShell, and Python to automate containment, enrichment, and remediation.
• Develop SOAR workflows that reduce manual steps and accelerate incident response times.
• Maintain runbooks and version control for all automation assets and ensure secure credential handling.
• Establish and lead a program for automated patch management and security configuration gap control.
• Implement continuous compliance monitoring and automated remediation workflows tied to CIS and NIST baselines.
• Integrate vulnerability management with Sentinel and orchestration playbooks to prioritize and remediate exposures.
• Operate as a senior responder for escalated incidents and lead post-incident reviews.

Benefits

• competitive compensation package
• inclusive benefits
• flexibility programs