Job Description

Role Purpose

We are seeking an experienced Incident Response (IR) professional with strong expertise in Microsoft Sentinel to join our cybersecurity team. The ideal candidate will lead detection, investigation, and response activities for security incidents, ensuring rapid containment and remediation of threats across enterprise environments.

͏

Key Responsibilities

• Incident Handling & Response

• Lead end-to-end incident response processes, including triage, containment, eradication, and recovery.

• Perform root cause analysis and develop corrective actions to prevent recurrence.

• Threat Detection & Monitoring

• Design and optimize detection rules, analytics, and playbooks in Microsoft Sentinel.

• Monitor security alerts and correlate events across multiple sources.

• Forensics & Investigation

• Conduct in-depth analysis of logs, network traffic, and endpoint data to identify malicious activity.

• Prepare detailed incident reports and recommend improvements.

• Automation & Playbooks

• Develop and maintain automated workflows in Sentinel for faster response.

• Collaboration

• Work closely with SOC, Threat Intelligence, and Vulnerability Management teams.

• Provide guidance and mentorship to junior analysts.

• Compliance & Reporting

• Ensure adherence to regulatory and organizational security standards.

• Document incidents and maintain evidence for audits.

͏

Required Skills & Qualifications

• Experience: 8–10 years in cybersecurity, with at least 3–4 years in Incident Response.

• Microsoft Sentinel Expertise: Hands-on experience in configuring, tuning, and managing Sentinel, including KQL queries and playbook development.

• Strong knowledge of SIEM, SOAR, and EDR tools.

• Familiarity with MITRE ATT&CK framework and threat-hunting methodologies.

• Proficiency in scripting (PowerShell, Python) for automation.

• Excellent analytical, problem-solving, and communication skills.

• Relevant certifications preferred: Microsoft Certified: Security Operations Analyst, GCFA, GCIH, or equivalent.