Sentinel Lead

Toyota Tsusho Systems, Plano, TX

About The Position

The Sentinel Lead is responsible for architecting, governing, and operationalizing Microsoft Sentinel across a multi-tenant enterprise environment. This role provides technical leadership for Sentinel onboarding, configuration, log ingestion pipelines, and operational enablement across Toyota Motors North America (TMNA) and Regional Security Operations Center (RSOC) affiliates. The Sentinel Lead manages a team of engineers, serves as the primary point of contact for Sentinel initiatives, and drives continuous innovation through proof-of-concept development, advanced visualizations, and governance frameworks.

Requirements

  • Bachelor’s degree or higher in a STEM discipline.
  • Extensive experience architecting, deploying, and managing Microsoft Sentinel in complex, multi‑tenant environments.
  • Deep understanding of cloud platforms (Azure and multi-cloud) and advanced cloud security principles.
  • Exceptional communication skills with demonstrated ability to engage, align, and manage technical and non‑technical stakeholders.
  • Hands‑on experience working in multi‑cloud environments and designing cloud‑native security controls.
  • Skilled in embedding security practices into large‑scale development or cloud engineering processes.
  • Advanced proficiency in Infrastructure as Code (IaC), using tools such as Bicep, Terraform, or ARM templates.

Responsibilities

  • Lead a team managing Sentinel onboarding, configuration, and day‑to‑day operational activities.
  • Serve as the primary point of contact for Sentinel‑related initiatives and cross‑functional collaboration across TMNA, RSOC customers, and other stakeholders.
  • Partner with Microsoft and internal stakeholders to align Sentinel operations with best practices, architectural guidance, and long‑term strategic direction.
  • Research, design, and develop proof‑of‑concept (POC) solutions for new Sentinel features, MSSP architectural capabilities, onboarding playbooks, and affiliate‑specific requirements.
  • Lead a team building and managing Sentinel logging pipelines, including ingestion, transformation, filtering, parsing, ASIM normalization, and historical log backfilling.
  • Lead a team to develop advanced dashboards, visualizations, and workbooks to support operational requirements and improve visibility across logs and detections.
  • Lead a team responsible for developing, monitoring, and troubleshooting log data drop alerts to ensure service reliability.
  • Develop and implement Azure governance components for Sentinel MSSP environments, including policies, controls, and automation.
  • Manage Sentinel resource commitment tiers and optimize operational and licensing costs across TMNA and RSOC affiliates.
  • Oversee user access requests for Sentinel (1TS) and maintain compliance with security policies, RBAC controls, and audit requirements.
  • Identify opportunities, lead, and implement solutions to improve data pipeline performance and effectiveness, enhance data quality, and streamline processes.
  • Stay current with the latest advancements in related technologies.
  • Create and maintain technical documentation, diagrams, and best practices.

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Number of Employees: 501-1,000 employees
