Senior Microsoft Sentinel / SIEM Engineer

Social network you want to login/join with:

Client: Cloud Decisions

Location: West London, United Kingdom

Job Category: Other

EU work permit required: Yes

3

31.05.2025

15.07.2025

Job Title:

To £85,000 + Benefits + Microsoft

Fully Remote, UK

(*Global Microsoft Managed MISA Partner

+ complex Sentinel Engineering/Integration)

The Opportunity

This is a standout opportunity for a Microsoft Sentinel expert to step into a high-impact, technically advanced role with a global security Microsoft powerhouse.

You'll be joining a Microsoft managed global partner, a prominent MISA member, a team with Security MVPs, and a Microsoft Verified Safe XDR Solution Partner, and a trusted Security Depth Partner.

This role provides unparalleled access to Microsoft’s security product roadmap, security previews, and frontline support.

You will work at the forefront of cyber defence, directly contributing to investigations involving nation-state threat actors (including IR, CH, and NK based campaigns), while refining your skills across enterprise-scale log ingestion and customised Sentinel integration engineering. This role offers the chance to ingest complex logs from various cloud and data sources and to learn and develop these skills as you go.

The Role

You will own and optimise enterprise-wide log onboarding into Microsoft Sentinel – deploying standard and custom connectors, Function Apps, and parsers to build tailored SIEM solutions that enhance threat detection and response.

• Log ingestion at scale across hybrid and multi-cloud environments
• Enhance custom Function Apps and ingestion pipelines
• Parse, normalise, and optimise log telemetry for accuracy and cost efficiency
• Partner with IR teams on active threats – tuning rules based on live threat actor activity
• Collaborate with Microsoft teams to develop advanced detection capabilities
• Contribute to internal knowledge sharing and engineering standards

What’s needed?

• Experience building and integrating complex Microsoft Sentinel solutions at SMC and enterprise levels
• Understanding of security telemetry across identity, endpoint, cloud, and network layers
• Experience in SIEM content development, including KQL, analytics rules, and custom data connectors
• Scripting and engineering skills – Python, PowerShell, APIs, Function Apps
• A background in cyber threat detection, incident response, or DFIR is a plus
• Ability to work effectively in fast-paced, customer-facing environments

The Technical Skills:

• PowerShell, Python, REST APIs
• Log ingestion and parsing across platforms (Azure, AWS, GCP, M365, Defender, Entra, Copilot, Carbon Black, Okta, Tier 1 Network vendors)
• Knowledge of MITRE ATT&CK, threat detection frameworks, IOC enrichment
• Problem-solving ability is crucial
• Sentinel/Log Analytics Cost Management and Data Optimisation

What’s In It for You?

• Direct access to Microsoft Sentinel product teams and early feature previews
• Involvement in real-world nation-state attack detection
• Opportunities to develop and refine Sentinel expertise
• Being part of a Microsoft Security elite MISA and Depth partner
• Exposure to multi-cloud detection and advanced security automation
• Fully remote, flexible work culture with global team collaboration
• Recognition, career growth, and development within a respected security consultancy