Microsoft Sentinel SIEM Engineer

This is a remote position.

Requirements

• BA/BS degree in Computer Science Business Management or an ITrelated field (with at least 3 years of experience determined by the AOC )
  

• Three (3) years experience with Azure Sentinel.
  
• Three (3) years experience with Kusto Query Language.
  
• One (1) year experience with Information Security.
  
• Active Microsoft Security Operations Analyst Associate certification.
  

• The SIEM Engineer is responsible for designing implementing and managing the Microsoft Sentinel SIEM solution to collect analyze and visualize data from various sources within the Judiciary. This role involves managing the SIEM environment creating dashboards and ensuring the effective use of SIEMs capabilities to monitor detect and respond to security threats and operational insights for the consumption of the Security Analysts. The Microsoft Sentinel SIEM Engineer will work closely with security analysts and stakeholders to optimize data intelligence and drive informed incident detection and response.
  

• SIEM Configuration:
  
• Design and deploy SIEM resources including configuring analytics rules playbooks Azure logic apps and data connectors to support data collection and analysis needs.
  
• Optimize SIEM configurations to ensure efficient data storage retrieval and search capabilities.
  
• Data Collection and Integration
  
• Collaborate with system owners to identify available data sources and drive initiatives to ingest that system data.
  
• Develop data ingestion strategies create data inputs and set up data source integration for various log and event data types.
  
• Design and implement data normalization and transformation processes for consistent and accurate analysis.
  
• Dashboard and Visualization Development;
  
• Design and create interactive dashboards reports and visualizations using SIEMs capabilities.
  
• Present data insights in a clear and actionable manner to support decisionmaking processes.
  
• Develop data visuals for the SOC displays screens.
  
• Search Queries and Alerts:
  
• Develop and optimize analytics rules and alert mechanisms to proactively monitor for security threats anomalies and operational issues.
  
• Configure alerts to trigger automated responses or notifications based on predefined criteria.
  
• SIEM App Development:
  
• Build custom SIEM apps and addons to extend functionality and support specific agency requirements.
  
• Collaborate with development teams to integrate SIEM with other systems and tools
  
• Security and Compliance:
  
• Implement security controls and best practices to protect data stored in SIEM and ensure compliance with relevant regulations and standards.
  
• Monitor and analyze securityrelated events to detect and respond to potential threats.
  
• Performance Optimization:
  
• Monitor system performance and troubleshoot issues related to data indexing search performance and resource utilization
  
• Implement optimizations to enhance SIEMs efficiency and responsiveness.
  
• Training and Documentation:
  
• Provide training and guidance to other clients SOC team members on Microsoft Sentinel best practices usage and administration.
  
• Create documentation for configurations processes and troubleshooting procedures
  
  

Benefits

• Recent experience with the administration and management of Microsoft Sentinel.
  
• Experience developing compiling and executing KQL queries.
  
• Strong aptitude to learn platforms to work with stakeholders to understand and provide thoughts on how to customize and maintain platforms to meet organizational business needs.
  
• Experience generating playbooks and using Azure logic apps for security orchestration automation and response.
  
• Experience in querying reviewing and providing contextual information from log data.
  
• Proficient in the use of M365 Office suite of tool.
  
• Ability to establish and maintain effective working relationships with peers end users and vendor development staff as well as all levels of management and judicial personnel as necessary
  
• Ability to communicate clearly and lead technical discussions related to log data management and knowledge sharing.