SCE (Security Correlation Engineer) - Sentinel
Remote
We are seeking a highly skilled Security Correlation Engineer (SCE) with expertise in Microsoft Sentinel to join our dynamic Security Operations team. The ideal candidate will be responsible for designing, implementing, and managing complex security correlation rules and use cases to enhance our organization's security posture. You will work closely with other security professionals to identify, analyze, and mitigate threats using Sentinel.
Key Responsibilities:
- Develop and implement security correlation rules and use cases within Microsoft Sentinel to detect and respond to threats.
- Create and maintain custom workbooks, dashboards, and alerts tailored to organizational needs.
- Design and deploy advanced analytics and threat-hunting techniques to improve incident detection capabilities.
- Analyze security alerts and incidents to determine the nature and severity of potential threats.
- Investigate and respond to security incidents, ensuring timely and accurate resolution.
- Collaborate with the incident response team to support investigations and remediation efforts.
- Integrate Sentinel with various security data sources, such as firewalls, endpoint protection, and network devices.
- Optimize the performance and accuracy of security monitoring and alerting systems.
- Tune and refine correlation rules to reduce false positives and improve detection efficiency.
- Develop and maintain comprehensive documentation for security correlation rules, use cases, and procedures.
- Prepare and present reports on security incidents, trends, and system performance to management.
- Work closely with other IT and security teams to ensure seamless integration of Sentinel with existing security tools and processes.
- Stay current with the latest security threats, vulnerabilities, and trends to continuously enhance the effectiveness of the Sentinel deployment.
- Evaluate and recommend new tools, technologies, and methodologies to improve security operations.
Qualifications and Experience:
- Proven experience with Microsoft Sentinel or similar SIEM solutions.
- Hands-on experience in developing and managing security correlation rules, use cases, and analytics.
- Strong understanding of network protocols, operating systems, and common security threats.
- Proficiency in query languages such as Kusto Query Language (KQL) used in Sentinel.
- Excellent analytical and problem-solving skills with a keen attention to detail.