Microsoft Sentinel SIEM Engineer at Cornerstone TTS
Lake Mary, FL
About the Job
CornerStone TTS is Hiring a Microsoft Sentinel SIEM Engineer!
Are you an experienced Microsoft Sentinel SIEM Engineer residing in AZ, TX, GA, FL, NC, SC, KY, or IN? CornerStone TTS has an exciting remote opportunity for you! We want to talk to you today!
Job Description
As a Microsoft Sentinel SIEM Engineer, you will be responsible for designing, implementing, and managing the Microsoft Sentinel SIEM solution to collect, analyze, and visualize data from various sources within our client's infrastructure. This role involves managing the SIEM environment, creating dashboards, and ensuring effective use of the SIEM's capabilities to monitor for, detect, and respond to security threats and to surface operational insights for the Security Analysts. The Microsoft Sentinel SIEM Engineer will work closely with security analysts and stakeholders to optimize data intelligence and drive informed incident detection and response.
Essential Functions
1. SIEM Configuration
- Design and deploy SIEM resources, including configuring analytics rules, playbooks, Azure logic apps, and data connectors.
- Optimize SIEM configurations to ensure efficient data storage, retrieval, and search capabilities.
2. Data Collection and Integration
- Collaborate with system owners to identify available data sources and drive initiatives to ingest that system data.
- Develop data ingestion strategies, create data inputs, and set up data source integration for various log and event data types.
- Design and implement data normalization and transformation processes for consistent and accurate analysis.
3. Dashboard and Visualization Development
- Design and create interactive dashboards, reports, and visualizations using SIEM's capabilities.
- Present data insights in a clear and actionable manner to support decision-making processes.
- Develop data visuals for the SOC display screens.
4. Search, Queries, and Alerts
- Develop and optimize analytics rules and alert mechanisms to proactively monitor for security threats, anomalies, and operational issues.
- Configure alerts to trigger automated responses or notifications based on predefined criteria.
5. SIEM App Development
- Build custom SIEM apps and add-ons to extend functionality and support specific client requirements.
- Collaborate with development teams to integrate SIEM with other systems and tools.
6. Security and Compliance
- Implement security controls and best practices to protect data stored in SIEM and ensure compliance with relevant regulations and standards.
- Monitor and analyze security-related events to detect and respond to potential threats.
7. Performance Optimization
- Monitor system performance and troubleshoot issues related to data indexing, search performance, and resource utilization.
- Implement optimizations to enhance SIEM's efficiency and responsiveness.
8. Training and Documentation
- Provide training and guidance to other SOC team members on Microsoft Sentinel best practices, usage, and administration.
- Create documentation for configurations, processes, and troubleshooting procedures.
Skills, Experience, & Capabilities
Technical Skills:
- Recent experience with the administration and management of Microsoft Sentinel.
- Experience developing, compiling, and executing KQL queries.
- Strong aptitude to learn platforms, work with stakeholders, and customize and maintain platforms to meet organizational business needs.
- Experience generating playbooks and using Azure logic apps for security orchestration, automation, and response.
- Experience in querying, reviewing, and providing contextual information from log data.
- Proficient in the use of M365 Office suite of tools.
Communication Skills:
- Excellent verbal and written communication skills.
- Ability to establish and maintain effective working relationships with peers, end users, and vendor development staff, as well as all levels of management.
Problem-Solving Abilities:
- Ability to analyze complex technical challenges and propose effective solutions.
Place of Performance
- Work will be performed 100% remotely at a suitable off-site location.
- On-site support may be required with 72 hours' notice to report to a designated location.
Schedule & Coordination
- Perform work during normal operating hours, Monday through Friday, 8:00 AM to 4:30 PM Eastern Standard Time (EST).
- Flexibility to extend coverage hours to meet deadlines, with manager approval.
- Must be available to work a flexible schedule, including evenings, nights, weekends, and holidays as required.
- A 2-4 week training period will be provided.
Interview Process
- Shortlisted candidates will complete a panel interview, which may include a written exam to assess technical expertise.
Ready to join our team? Apply today and start your journey with CornerStone TTS!