Azure Sentinel Engineer

  • Annapolis, MD
  • Applications have closed
Mandatory Qualifications:
  • Bachelor’s degree in Information Technology (IT) related field
  • Three (3) years of Azure Sentinel experience
  • Three (3) years of Kusto Query Language experience
  • One (1) year of Information Security experience
  • High proficiency with Azure Sentinel and Azure Log Analytics.
  • Demonstrated background in developing analytics rules, incidents, playbooks, notebooks, workbooks, threat hunting content, and KQL queries for data normalization and parsing within the Log Analytics data ingestion pipeline.
  • Understanding of Security Operations Center (SOC) tooling
  • Advanced event analysis leveraging the Azure Sentinel SIEM
  • Solid knowledge of M365 security toolsets
  • Expertise in Azure Logic Apps, Microsoft Flow and Power BI
  • Advanced incident investigation and response skill set
  • Advanced log parsing and analysis skillset
  • Proficient in Python, PowerShell, or C#
  • Proficient in Linux configuration and common administration tasks
Tasks & Responsibilities:
  • Development and training for design, configuration and on-boarding of data sources:
  • Specific expertise using KQL query language
  • Data drill-down and Custom dashboards
  • Provide Threat Intelligence and Hunting templates
  • Detection and response best practices and procedures
  • Build and tune alerting scenarios for investigations
  • Develop playbooks that execute automatically when an alert is triggered
  • Data export of relevant forensic analysis data with data preservation
  • Data ingestion and parsing of logs
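The following query is an added illustration of the parsing, normalization and alert-tuning work described in this section; it is not part of the posting. It assumes the standard Log Analytics Syslog table (TimeGenerated, Computer, ProcessName, SyslogMessage) populated by Linux hosts forwarding sshd authentication failures; the 10-minute window and the threshold of 20 attempts are placeholder tuning values.

```kql
// Added example, not from the posting. Parse sshd "Failed password" events out of
// the Syslog table, normalize them to account / source IP / port, and only surface
// a source when it crosses a burst threshold. Saved as a scheduled analytics rule,
// the ago(1h) lookback should match the rule's lookback period.
Syslog
| where TimeGenerated > ago(1h)
| where ProcessName == "sshd"
| where SyslogMessage has "Failed password"
// Example message: "Failed password for invalid user admin from 203.0.113.7 port 51182 ssh2"
| parse SyslogMessage with * "Failed password for " RawAccount:string " from " SrcIp:string " port " SrcPort:int " " *
// Normalize: strip the "invalid user " prefix but keep the fact as its own column,
// since attempts against non-existent accounts are a useful hunting pivot.
| extend InvalidUser = RawAccount startswith "invalid user "
| extend Account = replace_string(RawAccount, "invalid user ", "")
| where isnotempty(SrcIp)
| summarize Attempts = count(),
            DistinctAccounts = dcount(Account),
            InvalidUserAttempts = countif(InvalidUser),
            TargetHosts = make_set(Computer, 10),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
          by SrcIp, bin(TimeGenerated, 10m)
// Tuning knob: raise or lower the threshold based on observed baseline noise
| where Attempts >= 20
| project FirstSeen, LastSeen, SrcIp, Attempts, DistinctAccounts, InvalidUserAttempts, TargetHosts
| order by Attempts desc
```

When this is saved as an analytics rule, SrcIp and Account are the natural columns to map to the IP and Account entities so that the resulting incident carries the investigation pivots and a playbook can act on them.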
Monitor:
  • Identity Access Management (IAM)
  • Application data & performance
  • Critical servers and services log data
  • Support for ad hoc queries for incident investigation with the ability to query both normalized data and original data collected.
  • Event session reconstruction to present the raw data in an understandable way.
  • Graphical representation of information and data
  • Add additional log data to gain deeper insight into network activities.
  • Logic App Notifications and alerts.
  • Create and save custom queries, workbooks and templates.
  • How to import, save and use Sentinel and Sentinel-related tooling code published on GitHub.
  • Other use cases and best practices that would be of interest.
  • Development, training, and implementation of data management and security capabilities:
  • Role-based access control to the data
  • Encryption of all data within remote collectors/aggregators/analyzers, where such devices are able to be part of the solution.
  • Establish retention of logs, events, and access notifications for a period of two (2) years.
  • Development and training for alert and alarm (workbook)
  • Enable mechanism to set off alerts and alarms when incidents are detected
  • Enable third-party ticketing systems integration
  • Development and training for remediation (playbook)
  • Enable bi-directional communication with network and security devices to enable remediation of defined incidents
Enable the ability:
  • To create remediation activities defined by administrators
  • To generate automated remediation policies
  • To integrate with security technologies and non-security solutions for remediation actions
  • Implementation of an approval workflow, with a hierarchy of approvers, for remediation activities
  • Development and training for full audit trails
  • Configure the solution to provide full audit trails within the system
  • Audit trails must log all access to the system and all alerting and alarming actions.
  • Enable role-based access controls (RBAC) when able.
  • Development and training for data visualization
  • Implement best practices when presenting data in a usable format.
  • Create and deploy data visualizations for a Security Operations Center shared monitor (or television) overhead data presentation platform.
  • Create and deploy custom dashboards.
  • Presentation of data using a combination of tools with Power Builder, Microsoft O365, Azure or third-party recommended tools.
  • Implementation of big data analytics
  • Integrate with purpose-built big data repositories
  • Integrate with purpose-built big data security analytics
  • The Offeror's proposed resource will focus primarily on SIEM and SOAR use case development and data collection, primarily utilizing the Azure Sentinel and Azure Log Analytics toolsets.
  • Development of SIEM and SOAR use cases and log data collection utilizing the Azure Sentinel and Azure Log Analytics toolsets will be required.
Education:

Bachelor’s degree in Information Technology (IT) related field.