MICROSOFT SENTINEL IMPLEMENTATION SECURITY ENGINEER

Duncan & Ross

Abu Dhabi

On-site

AED 120,000 - 200,000

Full time

6 days ago
Job summary

A leading technology firm in Abu Dhabi is seeking a Microsoft Sentinel Implementation Security Engineer. This role involves hands-on deployment, integration, and optimization of Microsoft Sentinel in hybrid environments. The successful candidate will also manage log sources and data connectors and ensure incident response capabilities. Preferred certifications include SC-200 and Azure Security Engineer, reflecting the expertise needed for this pivotal security role.

Qualifications

  • Experience with Microsoft Sentinel and hybrid cloud environments.
  • Understanding of data connectors and log source onboarding.
  • Familiarity with Kusto Query Language (KQL) for analytics.

Responsibilities

  • Lead deployment and integration of Microsoft Sentinel.
  • Configure log sources and ensure seamless log ingestion.
  • Provide training and post-implementation support.

Skills

Automation
Log ingestion
Incident response
SIEM
SOAR

Education

Microsoft Certified: Security Operations Analyst Associate (SC-200)
Microsoft Certified: Azure Security Engineer Associate
CISSP
CEH
CompTIA Security+

Job description

We are seeking a skilled and proactive Microsoft Sentinel Implementation Security Engineer to lead the deployment, integration, and optimization of Microsoft Sentinel across hybrid cloud and on-premises environments. This role involves hands-on implementation, automation, and operational enablement of Sentinel SIEM / SOAR capabilities, ensuring seamless log ingestion, threat detection, and incident response.

Collector and Agent Configuration

  • Set up and configure any required Sentinel collectors, e.g., Azure Monitor Agent (AMA), Syslog / CEF connectors, or custom collectors.
  • Ensure high availability and redundancy of log forwarding infrastructure.
  • Document all collector configurations and network requirements (ports, protocols, firewall rules).

Log Source Onboarding and Data Connector Configuration

  • Identify all existing log sources currently reporting to QRadar.
  • Map each log source to the corresponding Microsoft Sentinel data connector.
  • Enable and configure all required built-in data connectors (Syslog, CEF, AMA, API-based, etc.).
  • Configure all initiatives and policies to ensure complete coverage in Sentinel across all subscriptions.
  • Configure diagnostic settings for Azure-native services / workloads to send logs to Sentinel.
  • Set up event forwarding, agents, or collectors where required (e.g., AMA, Log Forwarders).

Parsing and Data Normalization

  • Validate that all onboarded log sources are properly parsed and mapped to standard schemas (ASIM or Microsoft-recommended tables).
  • Create or update custom parsers (Kusto Function-based) if needed.
  • Ensure enrichment fields and key attributes are properly extracted for security analytics.
  • Implement logic to monitor log stoppages based on historical EPS (Events Per Second) for each onboarded device / log source.
  • Configure Alerts / Workbooks in Sentinel for real-time visibility on ingestion issues.
  • Automate EPS trend monitoring and anomaly detection (e.g., through Scheduled Analytics Rules or Logic Apps).
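The log-stoppage monitoring described above can be expressed as a single scheduled KQL query. The following is an added example written for this page, not the employer's or Microsoft's code: it assumes CEF sources land in the built-in CommonSecurityLog table, builds a per-source historical EPS baseline, and flags sources whose rate in the most recent hour has fallen below a fraction of that baseline (including sources that have stopped entirely). The lookback, bin size and threshold are illustrative values to be tuned per environment.

```kql
// Added example: flag log sources whose current EPS is far below their historical EPS.
// Assumptions: CEF sources are in CommonSecurityLog; 14 days of history is available.
let lookback  = 14d;      // history used to compute the baseline
let bin_size  = 1h;       // evaluation window (match the analytics rule frequency)
let threshold = 0.2;      // alert when current EPS < 20% of baseline EPS
// Baseline: average hourly event count per source over the lookback, excluding the current hour.
let baseline =
    CommonSecurityLog
    | where TimeGenerated between (ago(lookback) .. ago(bin_size))
    | summarize Events = count() by DeviceVendor, DeviceProduct, Computer, Hour = bin(TimeGenerated, bin_size)
    | summarize BaselineEPS = avg(Events) / 3600.0 by DeviceVendor, DeviceProduct, Computer;
// Current: event count per source in the most recent hour.
let current =
    CommonSecurityLog
    | where TimeGenerated > ago(bin_size)
    | summarize Events = count() by DeviceVendor, DeviceProduct, Computer
    | extend CurrentEPS = Events / 3600.0;
// Left-outer join so a source with zero events in the current hour is still reported.
baseline
| join kind=leftouter current on DeviceVendor, DeviceProduct, Computer
| extend CurrentEPS = coalesce(CurrentEPS, 0.0)
| where CurrentEPS < BaselineEPS * threshold
| extend DropRatio = round(CurrentEPS / BaselineEPS, 3),
         Status = iff(CurrentEPS == 0.0, "STOPPED", "DEGRADED")
| project DeviceVendor, DeviceProduct, Computer, BaselineEPS, CurrentEPS, DropRatio, Status
| order by DropRatio asc
```

Run as a Scheduled Analytics Rule at the same cadence as bin_size so each source is evaluated once per hour; surface the same query in a Workbook for the real-time ingestion view. Two caveats a practitioner should account for: the baseline averages only hours in which a source produced events, so a source with long historical gaps will have an inflated BaselineEPS, and sources with a strong day/night cycle will trip a flat threshold at night unless the baseline is computed per hour-of-day or replaced with series_decompose_anomalies over a make-series time series.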

Use Case and Detection Logic Migration

  • Perform gap analysis between QRadar rules / use cases and Sentinel Analytics Rules.
  • Rebuild use cases in Sentinel using Kusto Query Language (KQL) for Analytics Rules, Hunting Queries, and Workbook visuals.
  • Reconfigure alerting logic, severity, suppression, and incident creation behavior.
  • Validate detection logic with test logs or simulations where possible.

Documentation and Handover

  • Maintain complete documentation of:
      • Sentinel architecture and configuration
      • Onboarded log sources and connectors
      • Custom parsers and rules
      • Use case mapping (QRadar to Sentinel)
      • Monitoring and alerting configuration

Handover and Training

Provide training / workshops to internal SOC or engineering team on Sentinel management.

Handover all configuration artifacts and credentials.

Support and Post-Implementation Validation

Assist in UAT (User Acceptance Testing) and fine-tuning of rules.

Provide escalation support for any ingestion or detection issues.

Preferred Certifications:

  • Microsoft Certified: Security Operations Analyst Associate (SC-200)
  • Microsoft Certified: Azure Security Engineer Associate
  • Other relevant certifications (e.g., CISSP, CEH, CompTIA Security+)

Vertical

Technology

Security Engineer • Abu Dhabi, Abu Dhabi, United Arab Emirates