MICROSOFT SENTINEL IMPLEMENTATION SECURITY ENGINEER

Job Summary:

We are seeking a skilled and proactive Microsoft Sentinel Implementation Security Engineer to lead the deployment integration and optimization of Microsoft Sentinel across hybrid cloud and on-premises environments. This role involves hands-on implementation automation and operational enablement of Sentinel SIEM/SOAR capabilities ensuring seamless log ingestion threat detection and incident response.

Collector and Agent Configuration

1. Setup and configure any required Sentinel collectors e.g. Azure Monitor Agent (AMA) Syslog/CEF connectors or custom collectors.
2. Ensure high availability and redundancy of log forwarding infrastructure.
3. Document all collector configurations and network requirements (ports protocols firewall rules).

Log Source Onboarding and Data Connector Configuration

1. identify all existing log sources currently reporting to QRadar.
2. Map each log source to the corresponding Microsoft Sentinel data connector.
3. Enable and configure all required built-in data connectors (Syslog CEF AMA API-based etc.).
4. Configure all initiatives and policies to ensure complete coverage in sentinel across all subscription.
5. Configure diagnostic settings for Azure-native services/workloads to send logs to Sentinel.
6. Set up event forwarding agents or collectors where required (e.g. AMA Log Forwarders).

Parsing and Data Normalization

1. Validate that all onboarded log sources are properly parsed and mapped to standard schemas (ASIM or Microsoft-recommended tables).
2. Create or update custom parsers (Kusto Function-based) if needed.
3. Ensure enrichment fields and key attributes are properly extracted for security analytics.

Log Ingestion Health Monitoring

1. Implement logic to monitor log stoppages based on historical EPS (Events Per Second) for each onboarded device/log source.
2. Configure Alerts/Workbooks in Sentinel for real-time visibility on ingestion issues.
3. Automate EPS trend monitoring and anomaly detection (e.g. through Scheduled Analytics Rules or Logic Apps).

Use Case and Detection Logic Migration

1. Perform gap analysis between QRadar rules/use cases and Sentinel Analytics Rules.
2. Rebuild use cases in Sentinel using Kusto Query Language (KQL) for Analytics Rules Hunting Queries and Workbook visuals.
3. Reconfigure alerting logic severity suppression and incident creation behavior.
4. Validate detection logic with test logs or simulations where possible.

Documentation and Handover

1. Maintain complete documentation of:
2. Sentinel architecture and configuration
3. Onboarded log sources and connectors
4. Custom parsers and rules
5. Use cases mapping (QRadar to Sentinel)
6. Monitoring and alerting configuration

Handover and Training

Provide training/workshops to internal SOC or engineering team on Sentinel management.

Handover all configuration artifacts and credentials.

Support and Post-Implementation Validation

Assist in UAT (User Acceptance Testing) and fine-tuning of rules.

Support stabilization period (X weeks post-implementation).

Provide escalation support for any ingestion or detection issues.

Preferred Certifications:

• Microsoft Certified: Security Operations Analyst Associate (SC-200)
• Microsoft Certified: Azure Security Engineer Associate
• Other relevant certifications (e.g. CISSP CEH CompTIA Security)

Vertical

Technology