SOC Engineer Azure

Overview

The Azure Security Engineer will support Security Operations Center (SOC) functions by securing, monitoring, and responding to threats across Microsoft Azure and hybrid environments. This role focuses on cloud security operations, detection engineering, incident response support, and continuous improvement of Azure security posture.

Responsibilities

• Support SOC operations by monitoring, investigating, and responding to security incidents in Azure environments.
• Configure, manage, and tune Microsoft Sentinel analytics rules, workbooks, and automation (Logic Apps).
• Integrate Azure security logs and telemetry into the SIEM, ensuring visibility across cloud and hybrid workloads.
• Respond to Azure security alerts from services such as Microsoft Defender for Cloud, Defender for Endpoint, Defender for Identity, and Entra ID (Azure AD).
• Conduct threat analysis, root cause investigations, and provide actionable remediation recommendations.
• Support incident response activities including containment, eradication, and recovery in Azure environments.
• Enhance detection coverage by developing use cases aligned to MITRE ATT&CK.
• Collaborate with SOC analysts, threat intelligence teams, and cloud engineering teams.
• Ensure compliance with security policies, regulatory requirements, and industry best practices.
• Provide support for platform-level security issues impacting monitoring or response.
  
  

• Strong hands-on experience securing Microsoft Azure environments.
• Experience supporting SOC operations, incident investigations, or security monitoring.
• Proficiency with Microsoft Sentinel (analytics rules, KQL, workbooks, automation).
• Good understanding of Azure networking, identity, resource management, and logging.
• Experience with Microsoft Defender security suite.
• Working knowledge of cloud attack techniques and detection strategies.
• Familiarity with SIEM, SOAR, and incident response processes.
• Ability to work in a 24x7 SOC environment (shift-based, if required).
  
  

• Azure Monitor, Log Analytics, Kusto Query Language (KQL)
• Microsoft Sentinel
• Microsoft Defender for Cloud, Defender for Endpoint, Defender for Identity
• Entra ID (Azure AD), RBAC, Conditional Access
• Azure virtual networks, firewalls, NSGs, and security controls
• SOAR platforms and automated response workflows
  
  

• Bachelor’s degree in Computer Science, Cybersecurity, or related field
• Preferred certifications:
• AZ-500: Azure Security Engineer Associate
• SC-200: Microsoft Security Operations Analyst
• SC-100, CISSP, or equivalent (advantage)