Microsoft Security (Sentinel) Automation & Detection Engineer

A multinational semiconductor and software design company is seeking a Microsoft Security (Sentinel) Automation & Detection Engineer for a 6-month contract to start ASAP, based in Cambridge (Hybrid), Inside IR35

Role Overview:
Utilising knowledge of security operations, incident response, and detection engineering, you will be responsible for the delivery of Microsoft SIEM detections and security automations.
The successful candidate will be proficient in automation and orchestration tools (e.g., SOAR platforms, scripting languages like Python, PowerShell, KQL) and have experience with integrating security tools (e.g., SIEM, EDR, firewalls) APIs, and Case Management tools for data enrichment.

Key Skills and Experience
Experience contributing to large-scale, sprint-based, security automation and detection engineering projects in a SOC/ Cyber Defense or similar environment
Recent hands-on experience with managing and implementing Microsoft Sentinel log sources and detection, with knowledge of the related technical best practices in Sentinel and Azure specifically across
Sentinel Content Hub,
Sentinel Analytics,
Sentinel Automation,
Azure Event Hub,
Azure Logic Apps
Azure Function Apps.
Experience in Sentinel/Analytics Rules/Logic App automations
KQL
Demonstrated ability in cybersecurity, with at least 5 years in a technical role in security operations and/or security software development.
Solid understanding of security operations, automations standard processes, detection engineering and SIEM management.
Experience with cloud security tools and platforms and their integration into SOC operations.

Responsibilities:
Lead technical migration of log sources into Microsoft Sentinel SIEM.
Build security automations, logging, and SIEM detections to improve the Cyber Defence Operation's efficiency, scalability, and incident response capabilities.
Design, implement, and maintain automated workflows and playbooks to streamline CDO operations, including incident response, threat hunting, cyber threat intelligence and vulnerability management.
Collaborate with Cyber Defence Operation analysts to identify repetitive tasks and automate them to improve operational efficiency.
Collaborate with Threat Intelligence, Incident Response, and Attack Surface Management to build and tune robust SIEM detections for both proactive and reactive response actions.
Continuously evaluate automation solutions for performance, reliability, and scalability, making improvements, as necessary.
Collaborate with third-party vendors and service providers to leverage automation opportunities and ensure successful integrations.

Desirable Skills and Experience:
Vendor-specific certifications for Security orchestration, automation, and response (SOAR) platforms
Ability to develop and implement long-term automation strategies aligned with security operation objectives.
Ability to translate technical concepts into clear, actionable insights for technical and non-technical partners.
Meticulous focus on ensuring accuracy, reliability, and security in automation workflows

#4698063 - Karl Randall