ESSENTIAL JOB FUNCTIONS:
- Manage the day-to-day operations of Microsoft Sentinel / Splunk, including rule creation, log ingestion, data analytics, and alert triage.
- Drive SIEM migration efforts, including planning, implementation, and post-migration optimization.
- Develop and tune detection rules, use cases, and analytics within Sentinel to improve threat visibility and detection coverage.
- Perform proactive threat hunting to identify and mitigate advanced threats.
- Conduct in-depth incident investigations and coordinate response efforts to ensure swift remediation.
- Collaborate with internal stakeholders and the Threat Intelligence team to identify and mitigate potential security threats.
- Generate reports and dashboards to communicate SOC performance metrics and security posture to leadership.
- Continuously improve SOC processes and playbooks to streamline operations and response efforts.
- Mentor junior SOC analysts and provide guidance on security best practices.
- This role requires participation in a rotational shift.
- Flexibility and availability to respond to urgent incidents outside of assigned shifts as needed.
MUST HAVE KNOWLEDGE SKILLS & ABILITIES:
- Strong analytical and problem-solving abilities.
- Excellent communication and interpersonal skills to collaborate effectively with cross-functional teams.
- Proven ability to remain calm and efficient under pressure in high-stress environments.
- Proficient in using SIEM tools such as Microsoft Sentinel and Splunk.
- Experience with data migration strategies across SIEM platforms.
- In-depth understanding of cyber threats, vulnerabilities, and attack vectors.
- Proficient in creating KQL queries and custom alerts within Microsoft Sentinel.
- Expertise in developing SIEM use cases and detection rules.
- Skilled in incident response and management procedures.
- Experienced in conducting deep-dive investigations and root cause analysis for incidents.
- Adept at collaborating with stakeholders to resolve complex cybersecurity challenges.
- Ability to automate routine SOC processes to enhance operational efficiency.
- Experienced in mentoring and guiding junior analysts in security operations.
- Knowledge of major cloud platforms (AWS, Azure, GCP), including their security models, IAM roles, virtual private cloud (VPC) configurations, and cloud-native security tools.