Sentinel Specialist

Job Description – Sentinel Specialist

Designation: Sentinel Specialist

Job Role: Collaborate with the global leadership team in terms of being accountable for Microsoft SIEM Sentinel services for global customers that includes presales, consulting, implementation, service delivery, customer management, team management and service operations.

Experience: Minimum 5 to 7+ years of hands‑on relevant experience in managing cyber security IT projects delivered globally with excellent customer satisfaction

Shifts: Day Shifts. However, the resource may need to work Flexible Hours to provide extended support & be available on call when required.

• Assess the current SIEM environment and requirements of the clients and propose a migration plan to Sentinel.
• Configure and deploy Sentinel connectors, workbooks, analytics rules, playbooks, and dashboards.
• Integrate Sentinel with other Azure and third‑party security services and tools.
• Perform data ingestion, normalization, enrichment, and correlation using Sentinel's built‑in and custom log sources and parsers.
• Plan and execute migrations from other SIEM platforms (such as Splunk, ArcSight, QRadar, etc.) to Microsoft Sentinel.
• Develop migration strategies, including data migration, log source integration, and configuration transfer.
• Optimize Sentinel's performance, scalability, and reliability.
• Monitor and troubleshoot Sentinel's health and operational issues.
• Provide training and documentation to the clients on how to use and manage Sentinel.
• Stay updated on Sentinel's latest features, updates, and best practices.
• Develop and maintain documentation, including deployment guides, runbooks, and best practices.

• In‑depth design and implementation experience in implementing Microsoft Sentinel for global customers.
• Must have done at least 3 major Sentinel implementations using Light House.
• Expertise in creating use cases and playbooks based on industry best practices.
• Must have implemented custom log sources and use cases.
• Must have customer‑facing experience in terms of doing POCs.
• Providing standard gap analysis services to internal business and technology partners.
• Good understanding of IT security policy, procedure, design, and implementation.
• In‑depth experience in managing security incidents and critical alerts.
• Expertise in KQL language.
• Expertise in dashboard creation for various customers.
• Configuring deployment and prevention policies based on business risks.
• Experience in handling correlation of alerts and reports in Sentinel.
• Basic knowledge of security models such as ITIL, ISO27002, PCI DSS and Cobit 5.
• SC‑200 Certification (Microsoft Security Operations Analyst) or SC‑900 Certification.
• Bachelor’s degree preferably in Computer Science or Information Systems and /or equivalent formal training or work experience.

• Effective interpersonal, team building, team management and communication skills.
• Ability to collaborate; be able to communicate clearly and concisely both to laypeople and peers, be able to follow instructions, make a team stronger for your presence and not weaker.
• Ability to see the bigger picture and differing perspectives; to compromise, to balance competing priorities, and to prioritize the user.
• Desire for continuous improvement, of the worthy sort; always be learning and seeking improvement, avoid change aversion and excessive conservatism, equally avoid harmful perfectionism, not‑invented‑here syndrome and damaging pursuit of the bleeding edge for its own sake.
• Learn things quickly, while working outside the area of expertise.
• Analyze a problem and realize exactly what all will be affected by even the smallest of change you make in your design.
• Ability to communicate complex technology to non‑tech audience in simple and precise manner.

• Bachelor's degree in Computer Science, Engineering, or related field, or equivalent work experience.
• At least 7+ years of experience in deploying and managing SIEM solutions, such as Splunk, QRadar, ArcSight, or LogRhythm.
• At least 1 year of experience in migrating from other SIEM tools to Sentinel.
• Strong knowledge of Azure cloud services and security features.
• Proficient in PowerShell, Azure CLI, Kusto Query Language (KQL), and Logic Apps.
• Familiar with security standards and frameworks, such as NIST, ISO, and CIS.
• Excellent communication, presentation, and problem‑solving skills.
• Certifications in Azure Security, Sentinel, or other SIEM tools are preferred.