Security Operations Engineer Role
About the Role:
The Security Operations Detection Engineer reports to the lead of Security Operations and is part of the CISO office. This role is responsible for the architecture, engineering, and automation of in-house security platforms, including the Microsoft Sentinel SIEM and the SOAR tooling built around it. The ideal candidate has deep technical expertise in the Microsoft security stack and excels at developing security automation for alert triage, response, and adjacent security processes such as patch and vulnerability management. They will collaborate with IT teams to define log ingestion, data enrichment, alerting, and response actions in the SIEM/SOAR platform, and will support the SOC with advanced SIEM queries and analytics rules.
Primary Responsibilities:
- Deploy new detections or automations within the SIEM/SOAR platform.
- Create and implement SIEM content (analytics rules, alerts, dashboards).
- Improve SIEM analytics and tune detections to reduce false positives.
- Design and implement automation for alert enrichment and response actions.
- Benchmark existing detections and develop a roadmap for coverage expansion.
- Continuously test and remediate gaps in detection and prevention coverage.
- Integrate with external SOC providers to enhance detection and response capabilities.
- Consolidate data sources across Microsoft tenants and systems.
- Design and implement security monitoring across core business applications.
- Maintain Security Operations tooling to ensure high availability of log sources.
- Partner with Security Analysts to enhance Security Operations procedures and incident response.
- Automate Security Operations metrics and Incident Response processes.
- Develop and adhere to SIEM Engineering change control procedures.
- Manage DLP tools and ensure optimal configuration and functionality.
- Provide training and support to team members on SIEM functionalities.
Requirements and Qualifications:
- Bachelor’s degree in Computer Science, Information Security, or a related field.
- 3+ years in a security-related engineering role.
- 2+ years of SIEM/SOAR Engineering experience.
- Deep technical understanding of Microsoft Sentinel, Log Analytics, Defender, and other Microsoft security tools.
- Demonstrated ability to design and build security automation.
- Proficiency with infrastructure-as-code tools (e.g., Terraform), the KQL query language, and scripting languages (Python, PowerShell).
- Proficiency with Microsoft Power Apps, Azure Functions, Logic Apps, and other Microsoft automation tools.
- Proficiency in API development for integrating security tools.
- Familiarity with log ingestion methodologies into a SIEM environment.