
SIEM Engineer – Microsoft Sentinel

KODISOFFTLLC

United States

Remote

USD 90,000 - 120,000

Full time

Today

Job summary

A technology solutions company is seeking a SIEM Engineer to design, implement, and manage the Microsoft Sentinel SIEM solution. The role focuses on data collection, analysis, and monitoring for security threats. Ideal candidates have a BA/BS in a relevant field, with experience in Azure Sentinel, Kusto Query Language, and Information Security. Join us to enhance security operations through data intelligence.

Qualifications

  • Three years of experience with Azure Sentinel.
  • Three years of experience with Kusto Query Language (KQL).
  • One year of experience in Information Security.

Responsibilities

  • Design and deploy SIEM resources including analytics rules and data connectors.
  • Collaborate to identify data sources and drive data ingestion initiatives.
  • Develop dashboards, reports, and visualizations for security insights.

Skills

Experience with Azure Sentinel
Kusto Query Language (KQL)
Information Security

Education

BA/BS degree in Computer Science, Business Management, or IT-related field

Job description

Remote - C2C

Qualifications:

Education:

BA/BS degree in Computer Science, Business Management, or an IT-related field.

Experience:

Three (3) years’ experience with Azure Sentinel.

Three (3) years’ experience with Kusto Query Language (KQL).

One (1) year of experience in Information Security.

Certification:

Active Microsoft Security Operations Analyst Associate certification.

Scope of Work:

The SIEM Engineer will design, implement, and manage the Microsoft Sentinel SIEM solution within the Judiciary, focusing on data collection, analysis, and visualization to monitor, detect, and respond to security threats. Key responsibilities include:

Essential Functions:

SIEM Configuration:

  • Design and deploy SIEM resources, including analytics rules, playbooks, Azure logic apps, and data connectors.
  • Optimize SIEM configurations for efficient data storage, retrieval, and search capabilities.

Data Collection and Integration:

  • Collaborate with system owners to identify data sources and drive initiatives to ingest system data.
  • Develop data ingestion strategies and set up data source integration for various log and event data types.
  • Implement data normalization and transformation processes for consistent analysis.

Dashboard and Visualization Development:

  • Design and create interactive dashboards, reports, and visualizations.
  • Present data insights clearly and support decision-making processes.
  • Develop data visuals for SOC display screens.

Search, Queries, and Alerts:

  • Develop and optimize analytics rules and alert mechanisms for monitoring security threats and operational issues.
  • Configure alerts to trigger automated responses or notifications.

SIEM App Development:

  • Build custom SIEM apps and add-ons to extend functionality.
  • Collaborate with development teams to integrate SIEM with other systems and tools.

Security and Compliance:

  • Implement security controls and best practices to protect SIEM data.
  • Monitor and analyze security events to detect and respond to threats.

Performance Optimization:

  • Monitor system performance and troubleshoot issues related to data indexing, search performance, and resource utilization.
  • Implement optimizations to enhance SIEM efficiency and responsiveness.

Training and Documentation:

  • Provide training and guidance on Microsoft Sentinel best practices, usage, and administration to JIS SOC team members.
  • Create documentation for configurations, processes, and troubleshooting procedures.

This comprehensive role requires a strong blend of technical skills, hands-on experience with Microsoft Sentinel, and the ability to collaborate with various stakeholders to optimize data intelligence and enhance security operations.