Job Description

Job Description - SOC L3 Analyst (Microsoft Sentinel SIEM)

Role Overview

We are seeking a highly skilled SOC L3 Analyst with deep expertise in Microsoft Sentinel SIEM to lead advanced security monitoring, incident response, and threat hunting activities. The role involves handling complex security incidents, developing detection use cases, and improving SOC maturity through automation and optimization.

Key Responsibilities

  • Lead end-to-end incident handling for high-severity (P1/P2) incidents using Microsoft Sentinel.
  • Perform deep-dive forensic analysis using KQL, Defender suite, and Azure AD signals.
  • Investigate advanced attack patterns such as lateral movement, privilege escalation, persistence, and data exfiltration.
  • Develop and optimize analytics rules, hunting queries, and dashboards.
  • Map detections to the MITRE ATT&CK framework.
  • Optimize SIEM ingestion, connectors, and detection logic.
  • Develop automation using Logic Apps playbooks.
  • Integrate threat intelligence feeds and enable IOC correlation.
  • Act as the escalation point for L1/L2 analysts and support incident root cause analysis (RCA).
  • Prepare reports and dashboards, and ensure SLA/KPI tracking.

Required Technical Skills

  • Hands-on expertise in Microsoft Sentinel and Azure environments.
  • Strong KQL (Kusto Query Language) skills.
  • Experience with Microsoft Defender suite (MDE, MDI, MDO).
  • Knowledge of endpoint, network, and identity security.
  • Understanding of the MITRE ATT&CK framework.
  • Experience with APIs, Logic Apps, and scripting (PowerShell/Python).

Preferred Skills

  • Experience with other SIEM tools such as Splunk or QRadar.
  • Exposure to UEBA and XDR platforms.
  • Basic knowledge of digital forensics and malware analysis.

Certifications

  • SC-200: Security Operations Analyst
  • AZ-500: Azure Security Engineer
  • CEH, GCIH or equivalent certifications

Experience

  • 5-8 years in SOC/Cybersecurity
  • 2-3 years of hands-on Microsoft Sentinel experience

KPIs

  • Reduction in MTTD and MTTR
  • Improved detection accuracy
  • Reduced false positives
  • Enhanced automation coverage

Business Value

  • Improves threat detection in cloud-native environments
  • Reduces response time through automation
  • Enhances security visibility
  • Optimizes SIEM cost and performance

Job Details

Role Level: Not Applicable
Work Type: Full-Time
Country: India
City: Bengaluru, Karnataka
Company Website: http://www.happiestminds.com
Job Function: Cybersecurity
Company Industry/Sector: Software Development

About the Company

Searching, interviewing and hiring are all part of professional life. The TALENTMATE Portal aims to help professionals with each of these by bringing the requisites together under one roof. Whether you're hunting for your next job opportunity or looking for potential employers, we're here to lend you a helping hand.

Disclaimer: talentmate.com is only a platform to bring jobseekers and employers together. Applicants are advised to research the bona fides of the prospective employer independently. We do NOT endorse any requests for money payments and strictly advise against sharing personal or bank-related information. We also recommend you visit Security Advice for more information. If you suspect any fraud or malpractice, email us at abuse@talentmate.com.


Recent Jobs
View More Jobs
Talentmate Instagram Talentmate Facebook Talentmate YouTube Talentmate LinkedIn