Job Description
Job Description – Sentinel Specialist
Designation: Sentinel Specialist
Job Role:Collaborate with the global leadership team in terms of being accountable for Microsoft SIEM Sentinel services for global customers that includes presales, consulting, implementation, service delivery, customer management, team management and service operations.
Experience: Minimum 5 to 7+ years of hands-on relevant experience in managing cyber security IT projects delivered globally with excellent customer satisfaction
Shifts:Day Shifts. However, the resource may need to work Flexible Hours to provide extended support & be available on call when required.
Responsibilities
Assess the current SIEM environment and requirements of the clients and propose a migration plan to Sentinel.
Configure and deploy Sentinel connectors, workbooks, analytics rules, playbooks, and dashboards.
Integrate Sentinel with other Azure and third-party security services and tools.
Perform data ingestion, normalization, enrichment, and correlation using Sentinel's built-in and custom log sources and parsers.
Plan and execute migrations from other SIEM platforms (such as Splunk, ArcSight, QRadar, etc.) to Microsoft Sentinel.
Develop migration strategies, including data migration, log source integration, and configuration transfer.
Optimize Sentinel's performance, scalability, and reliability.
Monitor and troubleshoot Sentinel's health and operational issues.
Provide training and documentation to the clients on how to use and manage Sentinel.
Stay updated on Sentinel's latest features, updates, and best practices.
Develop and maintain documentation, including deployment guides, runbooks, and best practices.
Essential Technical skills:
In-depth Design and Implementation Experience in implementing Microsoft Sentinel for global customers
Must have done at least 3 major Sentinel implementations using Light House
Expertise in creating use cases and playbooks based on industry best practices
Must have implemented custom log sources and use cases
Must have customer facing experience in terms of doing POCs
Providing standard gap analysis services to internal business and technology partners
Good Understanding of IT security policy, procedure, design, and implementation
In Depth experience in managing security incidents and critical alerts
Expertise in KQL language
Expertise in dashboard creation for various customers
Configuring deployment and prevention policies based on business risks
Experience in handling correlation of alerts and reports in Sentinel
Basic Knowledge on security models such as ITIL, ISO27002, PCI DSS and Cobit 5
SC-200 Certification (Microsoft Security Operations Analyst) or SC-900 Certification
Bachelor's degree preferably in Computer Science or Information Systems and /or equivalent formal training or work experience
Behavioral Skills:
Effective interpersonal, team building, team management and communication skills
Ability to collaborate; be able to communicate clearly and concisely both to laypeople and peers, be able to follow instructions, make a team stronger for your presence and not weaker
Ability to see the bigger picture and differing perspectives; to compromise, to balance competing priorities, and to prioritize the user
Desire for continuous improvement, of the worthy sort; always be learning and seeking improvement, avoid change aversion and excessive conservatism, equally avoid harmful perfectionism, not-invented-here syndrome and damaging pursuit of the bleeding edge for its own sake
Learn things quickly, while working outside the area of expertise.
Analyze a problem and realize exactly what all will be affected by even the smallest of change you make in your design
Ability to communicate complex technology to non-tech audience in simple and precise manner
Qualifications
Bachelor's degree in Computer Science, Engineering, or related field, or equivalent work experience.
At least 7+ years of experience in deploying and managing SIEM solutions, such as Splunk, QRadar, ArcSight, or LogRhythm.
At least 1 year of experience in migrating from other SIEM tools to Sentinel.
Strong knowledge of Azure cloud services and security features.
Proficient in PowerShell, Azure CLI, Kusto Query Language (KQL), and Logic Apps.
Familiar with security standards and frameworks, such as NIST, ISO, and CIS.
Excellent communication, presentation, and problem-solving skills.
Certifications in Azure Security, Sentinel, or other SIEM tools are preferred.
