Mô tả công việc
• SIEM/Sentinel Management: Configure and maintain log data connectors, write KQL queries for custom detection rules, and manage dashboards inside Microsoft Sentinel.
• Incident Response & Hunting: Actively monitor security alerts (MDE, Entra ID, SharePoint), investigate identity/endpoint compromise, and execute containment protocols (session revocation, host isolation).
• Playbook Automation & Audit: Develop automated response playbooks to accelerate threat mitigation and maintain clear audit trails for external framework reviews (ISO/MCA Line 3).
Yêu cầu
1. Knowledge (*):
• Years of Experience: Minimum of 3-5 years of hands-on experience working in a SOC (Security Operations Center) environment or managing enterprise-grade security systems.
• Microsoft Sentinel (SIEM/SOAR) Expertise:
o Proficient in configuring and managing Data Connectors to ingest logs from Endpoints, Cloud (M365/Azure), Firewalls, and Network devices into Microsoft Sentinel.
o Strong KQL (Kusto Query Language) skills to design custom Analytics Rules, perform Threat Hunting, and build visualization Workbooks.
o Experience in developing automated incident response workflows using SOAR Playbooks (via Azure Logic Apps).
• Microsoft Defender (XDR) Management:
o Deep understanding and operational experience with the Microsoft Defender suite: Defender for Endpoint (EDR), Defender for Identity, Defender for Cloud Apps (CASB), and Defender for Office 365.
o Ability to investigate security alerts, perform malware analysis, isolate compromised endpoints, and remediate system vulnerabilities.
• Microsoft Purview (Data Governance & Compliance):
o Hands-on experience in implementing data protection policies, including Information Protection (Sensitivity Labels) and Data Loss Prevention (DLP) across cloud and endpoint environments.
o Familiarity with Insider Risk Management and eDiscovery workflows for internal forensic investigations.
2. Skills (*):
• Incident Response: Strong capability in alert triage, root-cause analysis, and cross-functional collaboration with Infrastructure teams (Network/System) to contain and mitigate security incidents.
• SOPs & Reporting: Ability to document incident response playbooks, draft comprehensive post-mortem reports, and present security metrics to management.
• Language Proficiency: Good command of English (both written and verbal) for technical documentation, vendor collaboration, and reporting.
3. Qualities (*):
• Education: Bachelor's degree or higher in Information Security, Information Technology, or related technical fields.
• Required/Highly Preferred Certifications:
o Required: SC-200 (Microsoft Security Operations Analyst) or MS-500 (Microsoft 365 Security Administration).
o Highly Preferred: SC-100 (Microsoft Cybersecurity Architect), SC-300, or SC-400 (Information Protection Administrator).
o Industry Certifications (Plus): CEH, CISSP, CompTIA Security+, or specialized SOC/Incident Response certifications.
Quyền lợi
Thưởng
Attractive
Chăm sóc sức khoẻ
Health Insurance 24/7
Đào tạo
Annual
Thông tin khác
NGÀY ĐĂNG
28/05/2026
CẤP BẬC
Nhân viên
NGÀNH NGHỀ
Công Nghệ Thông Tin/Viễn Thông > Bảo Mật Công Nghệ Thông Tin
KỸ NĂNG
IT Security, Cybersecurity, Data Governance, Siem, XDR
LĨNH VỰC
Bất Động Sản/Cho thuê
NGÔN NGỮ TRÌNH BÀY HỒ SƠ
Tiếng Anh
SỐ NĂM KINH NGHIỆM TỐI THIỂU
3
QUỐC TỊCH
Không hiển thị
Xem thêm
Thông tin chung
Nơi làm việc
- No. 8, Dai Lo Huu Nghi, VSIP, Thuan An, Binh Duong