Posted 18 May, 2026
MS Sentinel
Diverse Lynx
Rajasthan, 302001
Full Time
Reference: 365_569689_25-03693
Exp: 5+ Years
Skill: Microsoft Sentinel implementation experience and KQL
JD:
A role involving Microsoft Sentinel typically centers around designing, implementing, and managing security monitoring solutions using this cloud-native SIEM (Security Information and Event Management) platform.
Common Responsibilities
- Deploy and configure Microsoft Sentinel to monitor security events across cloud and on-premises environments.
- Develop custom analytics rules and workbooks to detect threats and visualize data.
- Create and maintain automation playbooks using Logic Apps for incident response.
- Integrate data connectors to ingest logs from various sources (Azure, Microsoft 365, firewalls, etc.).
- Investigate and respond to security incidents, working closely with SOC teams.
- Continuously improve detection capabilities by staying updated on emerging threats.
Desired Skills
- Strong knowledge of Microsoft Sentinel and other Microsoft security tools (Microsoft Defender, Microsoft Defender for Cloud (formerly Azure Security Center)).
- Experience with Kusto Query Language (KQL) for writing detection rules.
- Familiarity with PowerShell or Python for automation.
- Understanding of cybersecurity frameworks and best practices.
- Experience with SIEM/SOAR platforms and incident response processes.
Key Responsibilities
- Microsoft Sentinel Implementation: Design, configure, and deploy Microsoft Sentinel solutions to monitor security events and incidents across the organisation's and clients' networks.
- Security Incident Detection: Develop and maintain custom analytics rules and KQL queries to detect and analyse potential security threats and vulnerabilities.
- Incident Response: Understand and support incident response, including investigating, containing, and mitigating security incidents in a timely and effective manner.
- Custom Sentinel Development: Build custom data connectors to ingest logs from customer environments, and work with customers to understand and guide their log capture and alerting requirements so that effective analytics rules can be built for the SOC team.
- Security Threat Analysis: Analyse and document security events and incidents to understand their nature, impact, and root causes, and provide recommendations for improvement.
- Automation and Orchestration: Create and maintain automation playbooks and scripts for incident response and remediation processes to improve operational efficiency.
- Collaboration: Work closely with cross-functional teams, including security analysts, network engineers, and system administrators, to enhance security posture and ensure a cohesive security strategy.
- Continuous Improvement: Stay current with industry trends and emerging threats, recommend security enhancements, and participate in security training and knowledge sharing within the team.
- Documentation: Maintain comprehensive documentation of security procedures, incident reports, and best practices.