Role Description
To design and develop the SOC detection and response framework from the ground up.
Responsibilities
- SOC Rule & Policy Development:
- Design, build and tune custom KQL detection rules in Microsoft Sentinel and Defender XDR.
- Develop and enforce security baselines and Intune compliance policies across endpoints.
- Configure Defender for Endpoint, Defender for Identity and Defender for Cloud Apps policies to enhance visibility and detection coverage.
- SIEM/SOAR Configuration:
- Configure data connectors, data collection rules (DCR/DCE) and log analytics workspaces in Azure Sentinel.
- Define parsing, normalization and custom table schemas for non-native data sources.
- Develop automated playbooks (Logic Apps) to streamline alert enrichment, notification and escalation workflows.
- Alerting, Tuning & Incident Response:
- Create and maintain alert rules, analytic queries and automation rules to ensure actionable alerts with minimal false positives.
- Work closely with Tier 1/2 analysts to continuously tune rule thresholds and response triggers.
- Conduct threat hunting activities using advanced hunting queries in Defender XDR and Sentinel.
- Governance & Documentation:
- Develop and maintain the SOC policy framework, including alert handling, escalation matrix and severity classification.
- Document all rule sets, configurations and workflows in a structured SOC Knowledge Base.
- Collaborate with compliance teams to ensure alignment with ISO 27001, GDPR and company ISMS standards.
- Continuous Improvement:
- Research new threat vectors, detection techniques and Microsoft security feature updates.
- Participate in red/blue team simulations to validate detection and response coverage.
Requirements
- Bachelor’s Degree in Computer Science, Information Technology, Engineering, or a related field.
- Minimum 3 – 5 years of SOC or Security Engineering experience.
- Strong understanding of SIEM/SOAR operations, log management and incident response workflows.
- Familiar with KQL (Kusto Query Language) and PowerShell scripting for automation.
- Knowledge of MITRE ATT&CK, NIST and ISO 27001 frameworks.
- Excellent problem-solving, documentation and analytical skills.
- Hands-on experience with Microsoft Defender XDR (Endpoint, Identity, Cloud Apps), Microsoft Sentinel (KQL, Analytic Rules, Logic Apps), Intune (Endpoint Security, Compliance Policies, Configuration Profiles), Entra ID / Azure AD Conditional Access Policies and Microsoft Purview (DLP, Insider Risk, Information Protection).

