Senior Microsoft Sentinel / SIEM Engineer

Social network you want to login/join with:

Cloud Decisions

High Wycombe, United Kingdom

Other

Yes

6

06.06.2025

21.07.2025

Job Title:

To £85,000 + Benefits + Microsoft

Fully Remote, UK

(*Global Microsoft Managed MISA Partner

+ complex Sentinel Engineering/Integration)

This is a standout opportunity for a Microsoft Sentinel expert to step into a high-impact, technically advanced role with a global security Microsoft powerhouse.

You'll be joining a Microsoft managed global partner, a prominent MISA member, a team with Security MVPs, and a Microsoft Verified Safe XDR Solution Partner, and a trusted Security Depth Partner.

In short, giving you unparalleled access to Microsoft’s security product roadmap, security previews, and frontline support.

You'll work at the front line of cyber defence, directly contributing to investigations involving nation-state threat actors (including IR, CH, and NK based campaigns) while refining your craft across enterprise-scale log ingestion and customised Sentinel integration engineering that will stretch your skills, give you opportunities to ingest complex logs from a variety of cloud and data sources, and learn as you go.

You'll own and optimise enterprise-wide log onboarding into Microsoft Sentinel – deploying standard and custom connectors, Function Apps, and parsers to build tailored SIEM solutions that drive real-world threat detection and response.

• Log ingestion at scale across numerous hybrid and multi-cloud environments
• Enhance custom Function Apps and ingestion pipelines
• Parse, normalise, and optimise log telemetry to ensure precision and cost control
• Partner with IR teams on real attacks – tuning rules against live threat actor activity
• Sync closely with Microsoft teams to build cutting-edge detection capabilities
• Contribute to internal knowledge base and help shape engineering standards

• Experience building and integrating complex Microsoft Sentinel at SMC and enterprise levels
• Understanding of security telemetry across identity, endpoint, cloud, and network layers
• Experience in SIEM content development, including KQL, analytics rules, and custom data connectors
• Scripting and engineering skills – Python, PowerShell, APIs, Function Apps
• A background in cyber threat detection, incident response or DFIR is a plus
• Comfortable working in fast-paced, customer-facing delivery environments

• PowerShell, Python, REST APIs
• Log ingestion and parsing across multiple platforms (Azure/AWS/GCP, M365, Defender, Entra, Copilot, Carbon Black, Okta, Tier 1 Network vendors)
• MITRE ATT&CK, threat detection frameworks, IOC enrichment
• Ability to troubleshoot and resolve issues independently
• Sentinel/Log Analytics Cost Management and Data Optimisation

• Direct access to Microsoft Sentinel product teams and early feature previews
• Involvement in real-world nation-state attack detection
• Opportunity to stretch and sharpen your Sentinel skills
• Be part of a Microsoft Security elite MISA and Depth partner
• Exposure to multi-cloud detection and advanced security automation
• Fully remote, flexible work culture with global team collaboration
• Recognition, career growth, and development within a respected global Microsoft security consultancy