Security Engineer: ( Microsoft Subject Matter Expert) :
Fulltime Remote
About the Role:
Do you want to be on the frontline fighting for safe use within the digital frontier? Does describing your job to your family and friends as being a cyberwarrior or threat hunter sound awesome or awe inspiring? Then join us as part of our Security Operations Center (SOC)
Engineering team as a Microsoft Services Subject Matter Expert (SME) supporting our frontline Threat Hunters. In addition, given the rapid changes within the Microsoft ecosystem you will also be working cross-functionally with Product Management and R&D Engineering to drive differentiation within our service as well with our Business Development team to help maintain the relationship with Microsoft.
While this role will have business responsibilities that will help you expand your career options, the primary day to day role is as a Security Engineer. As a Security Engineer, you will serve as a critical support system for the SOC. You will create, enhance, and tune alerts and detections so that the SOC can best defend our client's networks. Your goal will be to continually improve the detection and alerting that the SOC receives. In some cases, you will work directly with clients to ensure that they send us the most beneficial and important data. You will leverage our tech stack, elements of Microsoft and provide ongoing support both internally and externally. In short, you will be a critical member of the team using Microsoft Defender, Microsoft Sentinel, Microsoft Suite including Purview, Entra, Intune tools, the Pondurance SIEM and SOAR as well as other products and services to protect our clients in the ever-changing threat landscape.
Responsibilities:
Stay on the forefront of the Microsoft ecosystem
Drive security detection improvements
Tune existing alerts and client data in our SIEM tooling for optimal performance.
Identify workflow improvements and curate new automations through our SOAR platform
Assist in continuous improvement efforts to evaluate detection and response capabilities
Develop methods to detect potential threats
Maintain the SOAR platform in support of day-to-day SOC activities
Work with cross-functional teams to enhance detection capabilities
Qualifications:
Strong understanding of tuning alerts and pertinent logs to aid in detecting threats
Expert knowledge of Microsoft including, but not limited to Defender, Sentinel, Purview, Entra, and Intune
Experience building data retrieval from the Microsoft security ecosystem
Leveraging detection mechanisms within SIEMs and SOAR
A strong understanding of cyber-attacks, MITRE ATT&CK framework, emerging threats and threat modelling as well as security research techniques
Intermediate experience with Python, PowerShell, Bash or Go
Intermediate experience with IDS/IPS systems
Talents:
Ability to adjust and adapt in a fast pace and dynamic environment, including changes in responsibilities as the business evolves.
Capacity for Synthesis: bring together disparate elements to create a coherent entity or a big-picture overview in order to gain a new perspective
Applied Technical Thinking: apply specialized, theoretical knowledge to efficient operational uses
Demonstrate strong composure with a balance of urgency and intensity, as well as focus
