Security Engineer responsible for managing Microsoft Sentinel and Defender XDR systems at Cyderes, a cybersecurity service provider. Focused on detection engineering and platform optimization in a hybrid work setting.
Responsibilities
Support the intake process, including coverage of Eastern Standard Time business hours as required
Administer and maintain Microsoft Sentinel and Defender XDR environments across managed clients
Perform health monitoring of log ingestion pipelines, data connector status, automation playbooks, and analytics rule performance
Monitor ingestion volumes and support cost optimization initiatives
Assist in tenant standardization across multi-client MSSP environments
Onboard new data sources into Microsoft Sentinel following established SOPs
Validate connectivity and confirm correct parsing and schema normalization
Ensure events are visible and queryable in Log Analytics
Integrate Microsoft Defender data sources: Defender for Endpoint, Defender for Identity, Defender for Office 365, Defender for Cloud Apps
Validate data integrity and entity mapping
Troubleshoot ingestion or connector issues across Azure and third-party integrations
Develop and maintain analytics rules (Scheduled, NRT, Fusion)
Create and tune detection logic using KQL
Reduce false positives through structured tuning and rule refinement
Map detections to MITRE ATT&CK framework
Improve alert fidelity and correlation between Defender XDR and Sentinel
Maintain dashboards, workbooks, and reporting artifacts
Assist in building reusable hunting and detection libraries
Monitor Sentinel and Defender XDR alerts
Perform Tier 2 triage and investigation of escalated alerts
Provide clear documentation and escalation to MDR/SOC teams
Support root cause investigations for platform or telemetry issues
Assist with containment automation where applicable
Develop and maintain Azure Logic App playbooks
Automate response actions such as device isolation, user disablement, IP blocking, and ticket creation
Follow change management processes for configuration updates
Test changes in lower environments when applicable
Contribute to runbooks, standard operating procedures, onboarding checklists, and detection documentation
Document false positives and data quality issues
Provide tuning feedback to senior engineers and architecture teams
Stay current on Microsoft security roadmap changes
Participate in internal training and knowledge-sharing sessions
Requirements
Diploma or Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field (or equivalent experience)
3–5 years of experience in IT security, SOC, or security engineering roles
Minimum 2 years hands-on experience with Microsoft Sentinel
Experience with Microsoft Defender XDR suite
Experience in MSSP or customer-facing environments preferred
Exposure to multi-tenant environments (Azure Lighthouse preferred)
Strong working knowledge of Microsoft Sentinel
Strong working knowledge of Microsoft Defender XDR
Strong working knowledge of Azure Log Analytics
Proficiency in KQL
Understanding of Windows & Linux logs
Understanding of Azure AD / Entra ID
Understanding of Networking fundamentals (TCP/IP, ports, firewalls, proxies)
Understanding of Authentication & authorization models
Experience with Azure Logic Apps
Experience with REST APIs
Experience with PowerShell or Python scripting
Understanding of MITRE ATT&CK framework
Familiarity with MDR operational workflows
Strong analytical and problem-solving skills
Clear written and verbal communication
Ability to document investigations and platform changes thoroughly
Customer-focused mindset
Benefits
Health insurance
Flexible work arrangements
Professional development
Job title
Security Engineer II – Microsoft Sentinel, Defender XDR