SIEM Engineer – Microsoft Sentinel

Sysco | Global Service Center, Costa Rica | United States
Posted 26 days ago

JOB DESCRIPTION

We are seeking a skilled and motivated SIEM Engineer with deep expertise in Microsoft Sentinel to join our Security Operations team. This role is responsible for designing, implementing, and maintaining our SIEM infrastructure, enabling proactive threat detection, incident response, and compliance reporting. The ideal candidate will have hands-on experience with Sentinel, KQL (Kusto Query Language), and Azure-native security tools.

Responsibilities:

SIEM Engineering & Administration
- Design, deploy, and maintain Microsoft Sentinel SIEM infrastructure.
- Develop and optimize data connectors for log ingestion from cloud, on-prem, and hybrid sources.
- Manage and tune analytic rules, workbooks, playbooks, and automation workflows.

Threat Detection & Response Enablement
- Create and refine KQL queries for custom detection use cases.
- Collaborate with Threat Intelligence and SOC teams to operationalize threat indicators and behavioral analytics.
- Support incident investigation through log enrichment and correlation.

Monitoring & Performance
- Ensure high availability and performance of Sentinel components.
- Monitor ingestion costs and optimize data retention policies.
- Implement health checks and alerting for SIEM infrastructure.

Compliance & Reporting
- Assist in generating reports for regulatory and audit requirements.
- Maintain documentation for SIEM architecture, data flows, and detection logic.

Collaboration & Continuous Improvement
- Work closely with cloud, infrastructure, and application teams to onboard new log sources.
- Stay current with the Microsoft Sentinel roadmap and security best practices.
- Participate in purple team exercises and detection gap analysis.

Qualifications:

- 3 years of experience in SIEM engineering or security operations.
- 2 years of hands-on experience with Microsoft Sentinel.
- Proficiency in KQL (Kusto Query Language).
- Strong understanding of Azure Security Center, Defender for Cloud, Log Analytics, and related services.
- Experience with incident response, threat detection, and log management.
- Familiarity with MITRE ATT&CK, NIST, or other security frameworks.
- Microsoft certifications (e.g., SC-200, AZ-500).
- Experience with Azure Logic Apps, Microsoft Defender XDR, or M365 security tools.
- Scripting experience (PowerShell, Python) for automation.
- Exposure to SOAR platforms and playbook development.

Benefits:

This is a hybrid position with on-site presence required based on business needs.

- Private Medical Insurance
- Asociación Solidarista
- Life Insurance
- Personal Day Off
