Job description
• SIEM/Sentinel Management: Configure and maintain log data connectors, write KQL queries for custom detection rules, and manage dashboards inside Microsoft Sentinel.
• Incident Response & Hunting: Actively monitor security alerts (MDE, Entra ID, SharePoint), investigate identity/endpoint compromise, and execute containment protocols (session revocation, host isolation).
• Playbook Automation & Audit: Develop automated response playbooks to accelerate threat mitigation and maintain clear audit trails for external framework reviews (ISO/MCA Line 3).
Requirements
1. Knowledge (*):
• Years of Experience: Minimum of 3-5 years of hands-on experience working in a SOC (Security Operations Center) environment or managing enterprise-grade security systems.
• Microsoft Sentinel (SIEM/SOAR) Expertise:
o Proficient in configuring and managing Data Connectors to ingest logs from Endpoints, Cloud (M365/Azure), Firewalls, and Network devices into Microsoft Sentinel.
o Strong KQL (Kusto Query Language) skills to design custom Analytics Rules, perform Threat Hunting, and build visualization Workbooks.
o Experience in developing automated incident response workflows using SOAR Playbooks (via Azure Logic Apps).
• Microsoft Defender (XDR) Management:
o Deep understanding and operational experience with the Microsoft Defender suite: Defender for Endpoint (EDR), Defender for Identity, Defender for Cloud Apps (CASB), and Defender for Office 365.
o Ability to investigate security alerts, perform malware analysis, isolate compromised endpoints, and remediate system vulnerabilities.
• Microsoft Purview (Data Governance & Compliance):
o Hands-on experience in implementing data protection policies, including Information Protection (Sensitivity Labels) and Data Loss Prevention (DLP) across cloud and endpoint environments.
o Familiarity with Insider Risk Management and eDiscovery workflows for internal forensic investigations.
2. Skills (*):
• Incident Response: Strong capability in alert triage, root-cause analysis, and cross-functional collaboration with Infrastructure teams (Network/System) to contain and mitigate security incidents.
• SOPs & Reporting: Ability to document incident response playbooks, draft comprehensive post-mortem reports, and present security metrics to management.
• Language Proficiency: Good command of English (both written and verbal) for technical documentation, vendor collaboration, and reporting.
3. Qualities (*):
• Education: Bachelor's degree or higher in Information Security, Information Technology, or related technical fields.
• Required/Highly Preferred Certifications:
o Required: SC-200 (Microsoft Security Operations Analyst) or MS-500 (Microsoft 365 Security Administration).
o Highly Preferred: SC-100 (Microsoft Cybersecurity Architect), SC-300, or SC-400 (Information Protection Administrator).
o Industry Certifications (Plus): CEH, CISSP, CompTIA Security+, or specialized SOC/Incident Response certifications.
Benefits
Bonus
Attractive
Health care
Health Insurance 24/7
Training
Annual
Other information
POSTED ON
28/05/2026
LEVEL
Staff
INDUSTRY
Information Technology/Telecommunications > IT Security
SKILLS
IT Security, Cybersecurity, Data Governance, SIEM, XDR
SECTOR
Real Estate/Leasing
APPLICATION LANGUAGE
English
MINIMUM YEARS OF EXPERIENCE
3
NATIONALITY
Not displayed
General information
Workplace
- No. 8, Dai Lo Huu Nghi, VSIP, Thuan An, Binh Duong
How to apply
Candidates apply online by clicking the Apply button below.
Application deadline: 28/06/2026