Security Operations Lead designing Microsoft Sentinel and managing security operations at PwC. Collaborating with teams to enhance client security through advanced technology.
Responsibilities
Design and implement Microsoft Sentinel as the primary SIEM platform
Develop advanced detection content including analytics rules, hunting queries, workbooks, and threat models
Integrate and manage XDR across endpoints, identity, cloud apps, and email
Lead MCP integration by connecting Microsoft Copilot for Security with Sentinel, SOAR, and cloud services
Operationalize AI workflows for triage, enrichment, and investigation
Build and maintain playbooks using Logic Apps, Azure Automation, PowerShell, and Python
Develop SOAR workflows that reduce manual steps and accelerate incident response times
Establish and lead a program for automated patch management
Requirements
5+ years of experience in security operations, SIEM engineering, or security monitoring with Microsoft technologies
Proven experience implementing and tuning Microsoft Sentinel detections, investigations, dashboards, and automation playbooks in enterprise environments
Experience integrating Defender XDR, identity, endpoint, email, and cloud telemetry to support unified detection and response workflows
Strong knowledge of Microsoft Sentinel architecture, analytics rules, workbooks, KQL, data connectors, and log normalization practices
Good understanding of Defender XDR, Microsoft 365 security, Entra ID, Azure security services, and hybrid cloud security operations
Familiarity with incident response lifecycle, threat detection engineering, vulnerability management, and control frameworks like CIS and NIST.
IAM Operations Lead responsible for daily administration, governance, and security of identity infrastructure, ensuring correct access and minimizing risks.
CSOC Analyst responsible for managing security incidents and threat investigation at Just Eat Takeaway. Working with an internal team to detect, investigate, and respond to significant threats.
Security Operations Engineer at Supabase providing front - line coverage for security alerts and customer security tickets. Supporting internal IT operations and improving security processes in a remote setup.
SecOps Engineer integrating security into development processes for Lido Protocol. Collaborating on security practices, incident management, and developer training.
SOC Operator managing 24/7 command centre operations for the Toronto Jewish community. Support during emergencies, manage incidents, and conduct thorough record - keeping.
Security Operations Analyst monitoring and investigating security threats across enterprise systems. Collaborating with teams on incident response and threat intelligence activities.
Manager of Security Operations at Match Group overseeing detection engineering, security operations, and incident response. Leading a high - performing team to maximize threat response capabilities.
Senior SecOps Analyst overseeing end - to - end vulnerability management processes. Collaborating with teams to enhance security measures in a hybrid workplace.
SOC Analyst supporting 24/7 operational capabilities in cybersecurity at Starling. Collaborating with global teams to protect customers and assets through incident response and investigations.