Senior Security Engineer

SBM Offshore
McClellan Place, CA

About The Position

The Senior Security Engineer, Modern SecOps, is a highly skilled professional who plays a critical role in advancing and maturing SBM's enterprise security operations program. This is a senior-level individual contributor role intended for an experienced security professional who brings deep technical ability, strong operational judgment, and the ability to influence security outcomes across complex, hybrid environments. The role serves as a technical authority within Security Operations, responsible for the design, implementation, optimization, and effectiveness of a modern security operations platform that combines Microsoft-native security capabilities with select open-source security tooling, aligned to operational needs and cost efficiency. Primary emphasis is on Microsoft Defender XDR, Microsoft Sentinel (SIEM/SOAR), Microsoft Purview, and Microsoft Intune, while also contributing to the evaluation, deployment, and operation of open-source security tools that augment visibility, detection, and response where appropriate.

Requirements

  • 10+ years of experience in cybersecurity, security engineering, or security operations roles.
  • Demonstrated senior-level experience operating and evolving SIEM and SOC environments.
  • Deep hands-on experience with Microsoft Sentinel and Microsoft Defender XDR.
  • Experience developing automation or tooling using Python, PowerShell, or similar languages.
  • Proven ability to operate autonomously, make sound technical decisions, and own outcomes end-to-end.
  • Strong experience with Microsoft Entra ID, including Entra roles and administrator assignments, Conditional Access policies, Entra MFA, and Enterprise Apps security.
  • Strong experience with SOAR automation, detection engineering, and alert tuning.
  • Experience operating within a Microsoft E5-first security strategy.
  • Hands-on experience with Microsoft Purview, including DLP, data classification, information protection, and insider risk management.
  • Familiarity with Microsoft Intune security and endpoint posture management.
  • Experience integrating open-source telemetry into enterprise SIEM or SOC workflows.
  • Experience with threat intelligence, malware analysis, or security research.
  • Experience evaluating or leveraging AI-assisted security tools, including Microsoft Security Copilot.
  • Experience deploying, managing, or integrating open-source security tools such as Wazuh, Suricata, Zeek, OpenVAS, and TheHive.
  • Experience with open-source SIEM, HIDS, or log analysis platforms.
  • Advanced proficiency in KQL (Kusto Query Language).
  • Solid understanding of endpoint, identity, email, cloud, network, and log-based security.

Nice To Haves

  • Relevant certifications such as SC-200, SC-100, AZ-500, CISSP, or equivalent.

Responsibilities

Security Operations Leadership

  • Act as a senior technical leader within Security Operations, providing expertise and direction on detection, investigation, and response practices.
  • Own and continuously improve incident response workflows, escalation paths, and operational processes across Microsoft and open-source security platforms.
  • Serve as a senior escalation point for complex or high-impact security incidents.
  • Help define operational standards, metrics, and maturity goals for a modern SOC.

SIEM, SOAR & Detection Engineering

  • Architect, build, and maintain SIEM and SOAR capabilities using modern SecOps tools such as Microsoft Sentinel and Wazuh, together with complementary tooling.
  • Design and tune analytics rules, automation playbooks, and incident workflows to improve detection fidelity and response speed.
  • Lead ongoing efforts to reduce alert fatigue, false positives, and redundant signals through structured, data-driven tuning.
  • Ensure detections are reliable, maintainable, and aligned with real-world threat activity.

Threat Hunting & Advanced Analysis

  • Lead and perform proactive threat hunting across endpoint, identity, email, cloud, network, and log-based telemetry.
  • Develop and maintain advanced KQL queries for hunting, investigations, and detection engineering.
  • Leverage open-source telemetry and detections to supplement Microsoft security signals where appropriate.
  • Translate threat intelligence and emerging attacker techniques into actionable detections and response improvements.
  • Align threat hunting and detections with frameworks such as MITRE ATT&CK.

Security Architecture & Platform Strategy

  • Provide hands-on security architecture guidance across the endpoint, identity, email, cloud, network, and logging domains.
  • Partner with infrastructure, cloud, identity, and application teams to ensure secure-by-design implementations.
  • Drive thoughtful tool consolidation, prioritizing Microsoft E5 capabilities while integrating open-source solutions where they add measurable value.

Open-Source Security Tooling

  • Evaluate, deploy, and operate open-source security tools to enhance detection, visibility, or response capabilities.
  • Contribute to the implementation and operationalization of SIEM/SOAR tooling for host-based detection, log analysis, and security monitoring.
  • Integrate open-source tooling with Microsoft Sentinel and Defender to create a unified investigation and response workflow.
  • Assess trade-offs between open-source and commercial solutions, including maintainability, scalability, and operational overhead.

Automation & Engineering

  • Design and implement security automation using Sentinel SOAR playbooks, APIs, and scripting.
  • Integrate security tooling with IT systems, workflows, and notification platforms to improve operational efficiency.

Microsoft Security Platform Expertise

  • Act as a subject matter expert for:
      • Microsoft Defender XDR (Endpoint, Identity, Office 365, Cloud Apps)
      • Microsoft Sentinel (SIEM/SOAR)
      • Microsoft Purview (DLP, information protection, insider risk)
      • Microsoft Intune (endpoint security posture and controls)
  • Ensure platforms are configured according to best practices and continuously optimized as capabilities evolve.

AI & Emerging Capabilities

  • Evaluate and responsibly adopt AI-assisted security capabilities, including Microsoft Security Copilot and related technologies.
  • Identify opportunities where AI can improve investigation quality, response consistency, and analyst effectiveness.

Collaboration & Mentorship

  • Collaborate closely with IT operations, cloud engineering, identity, and application teams.
  • Provide mentorship and technical guidance to junior and mid-level security staff.
  • Clearly communicate security risks, findings, and recommendations to both technical and non-technical stakeholders.

What This Job Offers

Job Type: Full-time

Career Level: Mid Level

Education Level: No Education Listed

Number of Employees: 501-1,000 employees
