Security Operations Engineer

Date: 02.05.2026

Location: Bussnang, TG Thurgau, 9565

Company: stadlerraiP

PROFILE

  • 3–5+ years in Security Operations, Endpoint Security, and Vulnerability Management.
  • Strong knowledge of the Microsoft Defender security portfolio and cloud-native Azure security.
  • Familiar with CIS Benchmarks, CVSS, MITRE ATT&CK, and NIST; scripting (PowerShell/KQL) is a plus.
  • Comprehensive knowledge of Microsoft and Linux operating systems, enabling effective endpoint security, hardening, monitoring, and incident response.
  • Certifications such as SC-200 and AZ-500 are an advantage.
  • Analytical, structured, and communicative team player.

RESPONSIBILITIES

  • Develop and maintain integrations across Microsoft Defender XDR, Microsoft Sentinel, Microsoft Entra, and other security platforms.
  • Build and optimize detection logic including KQL queries, analytics rules, watchlists, and workbooks.
  • Engineer and manage data pipelines for log ingestion, enrichment, normalization, and third‑party connector integrations.
  • Develop automation and SOAR playbooks using Logic Apps to streamline response, enrichment, and workflow processes.
  • Create and maintain internal tooling using PowerShell, Python, Microsoft Graph API, and Defender APIs.
  • Monitor and optimize platform health, ensuring data quality, connector reliability, and ingestion performance.
  • Implement detection engineering lifecycle management (tuning, validation, versioning, monitoring).
  • Collaborate with cross‑functional teams (SOC, Cloud, Infrastructure) and provide documentation, standards, and enablement.