Security Operations Engineer

The role 

We are looking for a Security Operations Engineer to join out IT infrastructure team. You will be responsible for monitoring, detecting, and responding to security incidents across Microsoft Sentinel, Defender XDR, Entra ID, and Purview. This includes investigating threats, tuning detection, creating automation playbooks, and ensuring compliance with data protection policies. You will collaborate with IT, security, and compliance teams to strengthen the organization’s security posture and enable a proactive defense strategy.

Your responsibilities: 

• Monitor, investigate, and respond to security incidents across Sentinel and Defender XDR.
• Administer, configure, and enhance Microsoft Sentinel (rules, playbooks, automation workflows).
• Detect and respond to identity-based threats in Entra ID and enforce conditional access & MFA policies.
• Configure, monitor, and investigate alerts from Microsoft Purview (DLP, insider risk, compliance violations).
• Perform threat hunting using Sentinel and Defender telemetry.
• Tune detections and reduce false positives to increase SOC efficiency.
• Create and maintain security automation (Logic Apps, PowerShell runbooks, Sentinel playbooks).
• Provide reporting and documentation for incidents, investigations, and compliance requirements.
• Collaborate with IT, SecOps, and compliance teams to improve detection coverage and response processes.

Must-haves: 

• 3+ years of hands-on experience with Microsoft Security technologies in enterprise environments.
• Deep experience with:
  • Microsoft Sentinel (KQL queries, analytic rules, automation playbooks, dashboards).
  • Microsoft Defender XDR (Defender for Endpoint, Identity, Office 365, Cloud Apps).
  • Microsoft Entra ID (identity protection, conditional access, PIM).
  • Microsoft Purview (DLP, sensitivity labels, insider risk, eDiscovery).
• Strong understanding of identity and access management, authentication protocols (SAML, OAuth, OpenID Connect, Kerberos).
• Knowledge of SIEM/SOAR concepts, incident response workflows, and the MITRE ATT&CK framework.
• Development/scripting experience using:
  • Kusto Query Language (KQL)
  • PowerShell (primary)
  • RESTful APIs / Microsoft Graph API
  • Python or Bash (nice to have).
• Strong troubleshooting and forensic investigation skills across endpoints, identities, and cloud workloads.
• Intermediate written and spoken English is required.

Nice-to-haves: 

• 3+ years of hands-on experience with Microsoft Security technologies in enterprise environments.
• Deep experience with:
  • Microsoft Sentinel (KQL queries, analytic rules, automation playbooks, dashboards).
  • Microsoft Defender XDR (Defender for Endpoint, Identity, Office 365, Cloud Apps).
  • Microsoft Entra ID (identity protection, conditional access, PIM).
  • Microsoft Purview (DLP, sensitivity labels, insider risk, eDiscovery).
• Strong understanding of identity and access management, authentication protocols (SAML, OAuth, OpenID Connect, Kerberos).
• Knowledge of SIEM/SOAR concepts, incident response workflows, and the MITRE ATT&CK framework.
• Development/scripting experience using:
  • Kusto Query Language (KQL)
  • PowerShell (primary)
  • RESTful APIs / Microsoft Graph API
  • Python or Bash (nice to have).
• Strong troubleshooting and forensic investigation skills across endpoints, identities, and cloud workloads.
• Intermediate written and spoken English is required.

We conduct coding interviews as part of the process.