Azure Sentinel Sr analyst

India
ID asp-013-0126
Full Time
27/01/2026

Responsibilities:

  • Thoroughly investigate security incidents escalated by L1 analysts, going beyond initial alerts to understand the full scope and impact.
  • Analyze complex security events, logs, and incident data from various sources integrated into Azure Sentinel.
  • Determine if a security event is a genuine incident and classify its severity.
  • Utilize Azure Sentinel's investigation graph to explore entities, connections, and timelines of attacks.
  • Proactively search for undetected threats within the organization's Azure environment and connected data sources using Kusto Query Language (KQL) in Azure Sentinel.
  • Lead and coordinate incident response activities, including containment, eradication, and recovery from security incidents.
  • Develop and maintain incident response playbooks within Azure Sentinel.
  • Execute automated response actions through Sentinel playbooks, such as blocking IPs, isolating compromised systems, or enriching incident data.
  • Collaborate with other security teams (e.g., L1, L3, forensic teams), IT, and business stakeholders to resolve incidents effectively.
  • Document findings, actions taken, and lessons learned to improve future incident response procedures.

Desired Skills and Qualifications:

  • Deep expertise in Microsoft Sentinel: including data connectors, analytics rules, workbooks, hunting queries, incidents, and automation (Logic Apps/Playbooks).
  • Kusto Query Language (KQL) mastery: Essential for advanced threat hunting, data analysis, and rule creation in Sentinel.
  • Understanding of Azure security services: Strong knowledge of Azure Security Center/Defender for Cloud, Azure Active Directory (now Microsoft Entra ID), Azure Monitor, Azure Networking, and other relevant Azure services.
  • SOAR (Security Orchestration, Automation, and Response): Experience in building and optimizing playbooks using Azure Logic Apps within Sentinel.
  • MITRE ATT&CK Framework: Ability to map security events and detections to MITRE ATT&CK tactics and techniques for comprehensive threat analysis.
  • Cloud Security Concepts: A solid understanding of cloud computing security principles, especially within the Azure ecosystem.