Kloudynet is a fast-growing Cybersecurity company in Southeast Asia and also an Advanced Security Partner with Microsoft, specializing in providing innovative solutions and services to clients across various industries. We are currently seeking a highly skilled and experienced Resident Engineer (RE) Sentinel to join our team.
We are seeking a highly skilled Microsoft Sentinel Engineer with strong incident response expertise and hands-on experience in Sigma rule development and detection engineering.
The ideal candidate will be responsible for designing, implementing, and optimizing Microsoft Sentinel solutions, while actively supporting advanced threat hunting, detection engineering initiatives, and incident response operations.
Job Responsibilities:
Microsoft Sentinel Engineering
- Maintain Microsoft Sentinel (SIEM) solutions.
- Develop and optimize KQL-based detection rules, analytics, and workbooks.
- Integrate various log sources (Azure, M365, Defender, AWS, on-prem, etc.).
- Build automation playbooks using Logic Apps for response orchestration.
- Tune alerts to reduce false positives and improve detection fidelity.
- Implement UEBA and threat intelligence integrations.
- Translate Sigma rules into KQL analytics for Microsoft Sentinel.
Incident Response
- Lead and support incident triage, investigation, containment, eradication, and recovery.
- Conduct log analysis and forensic investigations across endpoints, cloud, and network environments.
- Develop incident response playbooks and SOPs.
- Perform root cause analysis and document post-incident reports.
- Support purple team exercises and adversary simulation activities.
Sigma & Detection Engineering
- Develop, test, and maintain Sigma rules for SIEM-based threat detection.
- Convert Sigma rules into platform-specific queries (KQL for Sentinel).
- Map detections to the MITRE ATT&CK framework.
- Collaborate with threat intelligence teams to translate intelligence into actionable detections.
- Implement detection-as-code practices and continuous improvement of rule quality.
- Perform proactive threat hunting using Sentinel and Defender telemetry.
Security Operations & Continuous Improvement
- Improve detection coverage aligned to the MITRE ATT&CK framework.
- Support vulnerability remediation and security hardening initiatives.
- Participate in 24/7 SOC rotation if required.
- Stay current with emerging threats, attacker TTPs, and security technologies.
Job Requirements:
- Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
- 3-7+ years of experience in cybersecurity operations or SIEM engineering.
- Strong hands-on experience with Microsoft Sentinel.
- Proficiency in Kusto Query Language (KQL).
- Proven experience in incident response handling.
- Hands-on experience writing and tuning Sigma rules.