Must have experience in Sentinel - Security Information and Event Management (SIEM)
Microsoft Sentinel is a cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) solution provided by Microsoft. It’s used to:
• Collect security data from across the entire enterprise — including users, devices, applications, and infrastructure — both on-premises and in the cloud (Azure, AWS, etc.)
• Detect threats and suspicious activity using AI and built-in analytics
• Investigate security incidents with powerful tools and visualizations
• Respond to incidents quickly using automated workflows
Key Skills to Look For:
1. Microsoft Sentinel Expertise:
• Experience setting up and configuring Sentinel workspaces
• Creating and managing analytics rules and playbooks
• Building custom detections and alerts
2. SIEM Experience:
• Prior experience with any SIEM tools (Splunk, ArcSight, QRadar, etc.)
• Understanding of log aggregation, correlation, and incident response
3. Kusto Query Language (KQL):
• Ability to write queries in KQL for hunting, analysis, and dashboards
4. Security Knowledge:
• Familiarity with cybersecurity concepts (threat hunting, malware analysis, MITRE ATT&CK framework, etc.)
• Understanding of compliance and security frameworks (NIST, ISO 27001, etc.)
5. Azure Ecosystem:
• Experience with other Azure services (Log Analytics, Azure AD, Defender for Cloud, etc.)
• Knowledge of Azure Resource Manager (ARM) templates or Bicep for deployments
6. Automation & SOAR:
• Experience building playbooks using Azure Logic Apps for automated incident response
7. Certifications (Nice to Have):
• Microsoft Certified: Azure Security Engineer Associate
• Microsoft Certified: Security Operations Analyst Associate
• CompTIA Security+, CISSP, etc.