Microsoft Azure Sentinel SIEM Engineer, USC, GC, TN or GC-EAD only at Sentinel, Oklahoma, USA
Email: [email protected]
From: Shikha, KPG99 ([email protected])
Reply to: [email protected]

Hi,

Hope you are doing well.

Please find the job description below and let me know your interest.

Position: Microsoft Azure Sentinel SIEM Engineer (USC/GC/TN/GC-EAD only)

Location: Remote

Duration: 6+ months

MOI: Phone and Video

RTR: The signature cannot be typed in. The candidate will need to sign via DocuSign, a printer/scanner, or another equivalent application.

Senior Secure Innovation and Resilience (SI&R) Resource - a Microsoft Azure professional experienced with Kusto Query Language (KQL) and the design of security-specific alerts. The senior resource will work within the current information security team and perform as the lead technical Subject Matter Expert (SME), and will also liaise with the appropriate business units (BU) to support the security strategy and ensure the accuracy of related data.

The resource will evaluate specific logging, monitoring, and alerting events for efficiency and provide industry best-practice recommendations for continuous improvement as the application portfolio is moved into a Security Information and Event Management (SIEM) solution. Additionally, the resource will follow the established delivery cadence for either agile (sprint planning, sprint refinement, sprint standup, and retrospectives) or traditional waterfall where appropriate.

The resource will provide professional services deeply rooted in Azure Log Analytics with a focus on Kusto Query Language (KQL). The resource will collaborate with technical and business teams as needed to determine any deficiencies and ensure continuous improvement, and will take part in any related agile or traditional development engagements that ultimately integrate with the team's application portfolio.

The resource shall provide the following analytical, development, and support services:

- Evaluate specific applications' capability for logging, monitoring, and alerting information in the environment, whether on-prem, cloud, or hybrid.

- Serve as a critical Quality Assurance (QA) point within a four-stage process used to integrate the application portfolio into Splunk Logging and Alerting.

- Evaluate the completeness and accuracy of the information provided and verify that the log entries meet the criteria provided for monitoring and alerting.

- Validate the submitted information through use of Microsoft Kusto Query Language (KQL) and assist with mapping to data in Splunk.

- Identify deficiencies and revert the workflow as needed to collect additional information when encountering inaccurate or incomplete information.

- Interact with the appropriate Business Unit (BU) contact and/or technical contact to gain clarity on difficult-to-obtain, incomplete, or inaccurate information.

Activity: Development and analysis functions to validate that existing logs are sufficient to implement monitoring and alerting.

Deliverables:

- Use Azure Log Analytics to collect and index log data, develop queries, and support log integration and reporting.

- Ingest new data sources to implement use cases, dashboards, and automated reports.

- Azure Log Analytics CSOC use cases and related queries.

- Associated scripts, etc., for remediation of use cases that failed to execute.

- Define and assist in the creation of operational and executive security reports and dashboards.

- Root Cause Analysis of issues.

- Capture and migrate documentation of use cases, queries, alerts, etc. for storage in ServiceNow Knowledge Management articles, or leverage Azure ADO Wiki pages to create knowledge management articles.

- Perform Quality Assurance review of new use cases prior to deployment into the application portfolio.

- Ensure standards are maintained.

- Validate the submitted information through use of KQL.

- Troubleshoot existing use cases for root cause and provide issue resolution.

- Assist with identifying and escalating issues and risks, developing plans for resolution.

- Assist with issue and risk prioritization.

- Conduct 1-1 training and job shadowing for comprehensive knowledge transfer.

Role: Microsoft Azure Sentinel SIEM Engineer

Critical Skills:

- Expert-level, hands-on Log Analytics engineer with experience in complex environments.

- Expert in Kusto Query Language (KQL).

- Deep knowledge of other SIEM platforms, such as Splunk, QRadar, or ArcSight.

- Previous experience applying knowledge to uncover threats based on log data within Cloud Service Provider (CSP) environments (Azure AD, Azure resources, event logs, etc.) to build, analyze, and tune detections.

- Experience with Microsoft cloud security technologies such as Azure Sentinel, Microsoft Defender, MDE, ATP, Azure Data Explorer and Azure Log Analytics, or similar products like ArcSight, Splunk and Logstash.

- Demonstrated ability to understand and communicate technical details with varying levels of management.
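As an added illustration (not part of the posting, and not any employer's query) of the kind of security-specific alert the role describes, the following KQL is a scheduled analytics rule query that flags a single source IP failing sign-ins against many distinct Azure AD accounts in a short window, the classic password-spray pattern. It assumes the standard Azure AD SigninLogs table connected to the Log Analytics workspace; the thresholds (10 distinct users, 15-minute bins, 1-hour lookback) are illustrative tuning values, not values from the page.

```kql
// Added example, not from the posting. Assumes the Azure AD SigninLogs table
// is connected to the Sentinel workspace. Thresholds are illustrative and would
// be tuned against the tenant's own baseline before the rule is enabled.
let lookback  = 1h;
let window    = 15m;
let min_users = 10;            // distinct accounts one IP must fail against
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType != "0"      // "0" is success; any other code is a failure
// QA gate: records missing the fields the alert keys on are excluded rather
// than silently counted, so incomplete onboarding shows up as missing hits
| where isnotempty(IPAddress) and isnotempty(UserPrincipalName)
| summarize
    FailedAttempts = count(),
    DistinctUsers  = dcount(UserPrincipalName),
    SampleUsers    = make_set(UserPrincipalName, 10),
    ResultCodes    = make_set(ResultType, 10),
    FirstSeen      = min(TimeGenerated),
    LastSeen       = max(TimeGenerated)
    by IPAddress, bin(TimeGenerated, window)
| where DistinctUsers >= min_users
| project-reorder TimeGenerated, IPAddress, DistinctUsers, FailedAttempts,
                  FirstSeen, LastSeen, SampleUsers, ResultCodes
| order by DistinctUsers desc, FailedAttempts desc
```

When this is wrapped in a Sentinel scheduled rule, IPAddress would be mapped to the IP entity and the user set to Account entities so incidents carry the right pivots; the `isnotempty` filter doubles as the completeness check the QA bullets above call for, since a source whose records lack IPAddress or UserPrincipalName can never trigger the rule and should be sent back for re-onboarding rather than tuned around.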

Thu Oct 26 20:04:00 UTC 2023
