Job Summary:
We are seeking a skilled and proactive Microsoft Sentinel Implementation Security Engineer to lead the deployment, integration and optimization of Microsoft Sentinel across hybrid cloud and on-premises environments. This role involves hands-on implementation, automation and operational enablement of Sentinel SIEM/SOAR capabilities, ensuring seamless log ingestion, threat detection and incident response.
Collector and Agent Configuration
- Set up and configure any required Sentinel collectors, e.g. Azure Monitor Agent (AMA), Syslog/CEF connectors or custom collectors.
- Ensure high availability and redundancy of log forwarding infrastructure.
- Document all collector configurations and network requirements (ports, protocols, firewall rules).
Log Source Onboarding and Data Connector Configuration
- Identify all existing log sources currently reporting to QRadar.
- Map each log source to the corresponding Microsoft Sentinel data connector.
- Enable and configure all required built-in data connectors (Syslog, CEF, AMA, API-based, etc.).
- Configure all initiatives and policies to ensure complete coverage in Sentinel across all subscriptions.
- Configure diagnostic settings for Azure-native services/workloads to send logs to Sentinel.
- Set up event forwarding agents or collectors where required (e.g. AMA log forwarders).
Parsing and Data Normalization
- Validate that all onboarded log sources are properly parsed and mapped to standard schemas (ASIM or Microsoft-recommended tables).
- Create or update custom parsers (Kusto Function-based) if needed.
- Ensure enrichment fields and key attributes are properly extracted for security analytics.
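As an added illustration of the custom-parser task above (this is example code written for this page, not a parser from the posting or from Microsoft), the KQL function below maps key=value firewall syslog lines into ASIM NetworkSession-style columns. The vendor/product names, the `examplefw` process name and the key names (`src`, `dst`, `dport`, `proto`, `action`) are assumptions for illustration; the sample rows are constructed so the query runs in any workspace without real data.

```kql
// Constructed sample rows standing in for the Syslog table (assumption: the
// device emits space-separated key=value pairs).
let SampleSyslog = datatable(TimeGenerated:datetime, Computer:string, ProcessName:string, SyslogMessage:string)
[
    datetime(2024-01-01 10:00:00), "fw-edge-01", "examplefw", "src=10.1.2.3 dst=203.0.113.10 dport=443 proto=tcp action=allow",
    datetime(2024-01-01 10:00:05), "fw-edge-01", "examplefw", "src=10.1.2.9 dst=198.51.100.7 dport=23 proto=tcp action=deny",
    datetime(2024-01-01 10:00:07), "fw-edge-01", "sshd",      "Accepted publickey for admin from 10.1.2.3"
];
// Parser function: takes a Syslog-shaped table and returns ASIM NetworkSession-style
// columns. Hypothetical vendor/product strings; adapt to the real device.
let ExampleFWNetworkSession = (T:(TimeGenerated:datetime, Computer:string, ProcessName:string, SyslogMessage:string)) {
    T
    | where ProcessName == "examplefw"                      // assumed process name of the firewall feed
    | extend RawAction = extract(@"action=(\S+)", 1, SyslogMessage)
    | project
        TimeGenerated,
        EventVendor     = "ExampleVendor",
        EventProduct    = "ExampleFW",
        EventType       = "NetworkSession",
        Dvc             = Computer,
        SrcIpAddr       = extract(@"src=(\S+)", 1, SyslogMessage),
        DstIpAddr       = extract(@"dst=(\S+)", 1, SyslogMessage),
        DstPortNumber   = toint(extract(@"dport=(\d+)", 1, SyslogMessage)),
        NetworkProtocol = toupper(extract(@"proto=(\S+)", 1, SyslogMessage)),
        // Normalize the vendor's action vocabulary to ASIM's Allow/Deny values
        DvcAction       = case(RawAction =~ "allow", "Allow",
                               RawAction =~ "deny",  "Deny",
                               "Unknown"),
        EventResult     = iff(RawAction =~ "allow", "Success", "Failure")
};
// Run the parser over the constructed rows; the sshd line is filtered out,
// the two firewall lines come back with SrcIpAddr, DstPortNumber 443/23 and DvcAction Allow/Deny.
ExampleFWNetworkSession(SampleSyslog)
```

In a real workspace the function body would read from `Syslog` directly (drop the tabular parameter) and be saved as a workspace function so Analytics Rules, Hunting Queries and Workbooks can call it by name; a quick validation is to compare the count of parsed rows against the raw count for the same process name and look for empty `SrcIpAddr` or `DstPortNumber` values, which indicate lines the regexes did not match.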
Log Ingestion Health Monitoring
- Implement logic to monitor log stoppages based on historical EPS (Events Per Second) for each onboarded device/log source.
- Configure Alerts/Workbooks in Sentinel for real-time visibility on ingestion issues.
- Automate EPS trend monitoring and anomaly detection (e.g. through Scheduled Analytics Rules or Logic Apps).
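The following query is an added example of the EPS-based stoppage check described above; it is not from the posting and assumes sources are identified by `Computer` in the `Syslog` table. It compares each source's event rate over the last hour with its own rate over the preceding week and returns sources whose recent rate fell below 20% of baseline. The sample data is constructed with `range` so the query runs in any workspace; `fw-edge-02` is made to go silent in the recent window.

```kql
// Tunables (assumptions for the example): scheduled analytics rules cap the
// lookback at 14 days, so keep the baseline period within that.
let lookback = 7d;          // baseline period
let recentWindow = 1h;      // window checked for a drop
let dropThreshold = 0.2;    // flag when recent EPS < 20% of baseline EPS
// Constructed sample data standing in for the Syslog table: both hosts send
// evenly during the baseline period, only fw-edge-01 keeps sending recently.
let SampleSyslog =
    union
        (range i from 1 to 1000 step 1
         | extend Computer = iff(i % 2 == 0, "fw-edge-01", "fw-edge-02"),
                  TimeGenerated = ago(lookback) + i * ((lookback - recentWindow) / 1000)),
        (range i from 1 to 30 step 1
         | extend Computer = "fw-edge-01",
                  TimeGenerated = ago(recentWindow) + i * 2m)
    | project TimeGenerated, Computer;
// In production replace SampleSyslog with Syslog (or with CommonSecurityLog
// keyed by DeviceVendor, DeviceProduct and DeviceAddress instead of Computer).
let baseline =
    SampleSyslog
    | where TimeGenerated between (ago(lookback) .. ago(recentWindow))
    | summarize BaselineEvents = count() by Computer
    | extend BaselineEPS = todouble(BaselineEvents) / ((lookback - recentWindow) / 1s);
let recent =
    SampleSyslog
    | where TimeGenerated > ago(recentWindow)
    | summarize RecentEvents = count() by Computer
    | extend RecentEPS = todouble(RecentEvents) / (recentWindow / 1s);
baseline
| join kind=leftouter recent on Computer          // leftouter keeps sources with zero recent events
| extend RecentEvents = coalesce(RecentEvents, 0),
         RecentEPS    = coalesce(RecentEPS, 0.0)
| extend Ratio = RecentEPS / BaselineEPS
| where BaselineEPS > 0 and Ratio < dropThreshold
| project Computer, BaselineEvents, BaselineEPS, RecentEvents, RecentEPS, Ratio
| order by Ratio asc
// Expected on the constructed data: one row, fw-edge-02, with RecentEvents 0 and Ratio 0.
```

Run as a Scheduled Analytics Rule every hour with a one-hour lookback on the recent window, or pin the same query to a Workbook for a per-source ingestion health view. The per-source baseline matters: a fixed global EPS threshold would miss a quiet device that stops entirely while a chatty one keeps the aggregate rate up. Sources with strong daily cycles (for example business-hours-only logging) may need the baseline restricted to the same hour of day to avoid false stoppage alerts.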
Use Case and Detection Logic Migration
- Perform gap analysis between QRadar rules/use cases and Sentinel Analytics Rules.
- Rebuild use cases in Sentinel using Kusto Query Language (KQL) for Analytics Rules, Hunting Queries and Workbook visuals.
- Reconfigure alerting logic, severity, suppression and incident creation behavior.
- Validate detection logic with test logs or simulations where possible.
Documentation and Handover
- Maintain complete documentation of:
  - Sentinel architecture and configuration
  - Onboarded log sources and connectors
  - Custom parsers and rules
  - Use case mapping (QRadar to Sentinel)
  - Monitoring and alerting configuration
Handover and Training
- Provide training/workshops to the internal SOC or engineering team on Sentinel management.
- Hand over all configuration artifacts and credentials.
Support and Post-Implementation Validation
- Assist in UAT (User Acceptance Testing) and fine-tuning of rules.
- Support the stabilization period (X weeks post-implementation).
- Provide escalation support for any ingestion or detection issues.
Preferred Certifications:
- Microsoft Certified: Security Operations Analyst Associate (SC-200)
- Microsoft Certified: Azure Security Engineer Associate
- Other relevant certifications (e.g. CISSP, CEH, CompTIA Security+)
Vertical: Technology