This is a remote position. Job Summary Our customer requires third-party expertise in Microsoft Sentinel skills to define, build and test security use cases in collaboration with the wider security functions defined in the operating model. These third-party engineering services will coordinate with team members across Secure Place, Comms and Collab, and SMI, as these are the key stakeholders defined in the Cyber SOC Factory Model, they are the primary contributors/users of its inputs/outputs along with various other product and operational teams to discover and prioritise security use cases achieved through analysis of data sources being ingested into customer’s Microsoft Sentinel instance. This will ensure they have relevant mitigating controls in place for risks and control gaps defined as part of our Security Risk Management process. THIS IS A SoW BASED ENGAGEMENT, AND PAYMENTS ARE MILESTONE BASIS I.E., AGAINST CUSTOMER APPROVED DELIVERY NOTE FOR EACH MILESTONE. Responsibilities & Duties Procure Security Engineering support to undertake the tasks to define and build security use cases within MS Sentinel, by analysing data sources and events from across all of customer’s integrating products. With a built-in knowledge transfer element to pass knowledge and skills to customer’s engineering colleagues. Work will be outcome based and payments will be tied to delivery milestones. Strategic: - Analyse customer’s requirements and priorities to collaborate in delivering against their wider strategic roadmap. - Help configure and develop customer’s Azure Subscription that hosts their Sentinel production instance - Mature customer’s monitoring, alerting, hunting, reporting based on data ingested into Sentinel (specifically on Azure/M365 logs) - Improve customer’s security status by reducing risks and attacks against their Azure / M365 environments - Help discover threat vectors to customer’s Azure / M365 environments - Provide guidance on how to best meet industry best practices for the deployment and operational live service of Sentinel Tactical: - Co-Design, Develop, Deploy and Review Sentinel Analytics rules - Co-Design, Develop, Deploy and Review Sentinel Workbooks and Notebooks - Co-Design, Develop, Deploy and Review Sentinel automation and integration playbooks - Configure and optimise (health and cost) our Sentinel connected Log Analytics Workspace - Co-Design, Develop, Deploy and Review our Syslog Connector Essential Skills · Prior experience in analyzing customer’s requirements and priorities to collaborate in delivering against our wider strategic roadmap · Prior experience in configuring and developing Azure Subscription that hosts customer’s Sentinel production instances. · Excellent in monitoring, alerting, hunting, reporting based on data ingested into Sentinel (Specifically on Azure/M365 logs) · Prior expertise in providing customer’s security status by reducing risks and attacks against customer’s Azure/M365 environment. · Discovering threat vectors to customer’s Azure / M365 environment. · Co-Design, Develop, Deploy and Review Sentinel Analytics rules. · Co-Design, Develop, Deploy and Review Sentinel Workbooks and Notebooks · Co-Design, Develop, Deploy and Review Sentinel automation and integration playbooks · Configure and optimize (health and cost) customer’s Sentinel connected Log Analytics Workspace · Co-Design, Develop, Deploy and Review our SysLog Connector · Experience using security products such as XDR, EDR, IDS/IPS, SOAR · Deep understanding of risk assessment and management methods · Experience working with various multi-disciplined teams in an agile manner · Regulatory compliance experience such as GDPR, NIST, ISO 27001. · Proficiency in KQL for advanced query writing · Proven ability in designing, developing and automation incident response playbooks · Experience securing environments across multiple cloud providers Nice to have Skills · Producing technical documentation in alignment with organizational standards. · Taking lead during technical workshops to define specific use case requirements · Highlighting technical or process dependencies and working with business stakeholders to negotiate resolutions · Proposing optimal reporting methods of delivered security use cases to demonstrate control effectiveness · Knowledge of ITSM products such as ServiceNow · Experience in designing and implementing machine learning models or advanced analytics for anomaly detection · Knowledge of other SIEM platforms · Experience in leading or managing a SOC, with a deep understanding of SOC workflows, KPI's and operational challenges · Knowledge of securing containerised environments Background Check Required Not Required Benefits · Weekly Hours: 40 Hours. · Day Rate: £ 825.00 plus VAT all-inclusive basis. · Over time: Yes (subject to project manager’s written approval) · Expenses Allowed: No · Extension: Possible · Language: Fluent in English. · IR35 regulation applicable. Additional Assessment · Interview · Presentation Evaluation Weighting · Technical competence - 60% · Cultural fit - 20% · Price - 20%
