Information Security Engineer - Security Operations (SOC)

Harris Health
Bellaire, United States of America
10 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
$ 129K

Job location

Bellaire, United States of America

Tech stack

Azure
Computer Security
Identity and Access Management
Intrusion Detection and Prevention
Python
Microsoft Office
PowerShell
Kusto Query Language
Runbook
Security Information and Event Management
Scripting (Bash/Python/Go/Ruby)
Data Ingestion
Microsoft Power Automate
MITRE ATT&CK
MTTR
Azure Security Center
Microsoft Sentinel

Job description

The Information Security SOC Engineer is a hands-on cybersecurity professional responsible for engineering, operating, and automating detection and response capabilities. The engineer designs and maintains content in Microsoft Sentinel (data connectors, analytics rules, hunting queries, workbooks), enhances protections with Microsoft Defender (Endpoint/XDR, Office 365, Identity), and builds automation using Azure Logic Apps.

Typical duties may include:

Detection Engineering & SIEM Operations (Microsoft Sentinel and Rapid7)
- Own the Sentinel content lifecycle, including data ingestion, analytics rules, KQL queries, UEBA tuning, watchlists, and dashboards.
- Develop hunting queries and proactive threat detection logic.
- Implement incident enrichment and correlation across multiple data sources.

Endpoint, Email, and Identity Protection (Microsoft Defender)
- Engineer configurations within Microsoft Defender for Endpoint/XDR, Defender for Office 365, and Identity protection.
- Integrate Defender alerting with Sentinel for enhanced detection correlation.

Automation & Orchestration (Azure Logic Apps)
- Build, deploy, and manage Logic Apps SOAR playbooks for automated triage, enrichment, and response.
- Implement approval flows, track automation metrics, and improve MTTR.

Incident Response & Collaboration
- Support containment, eradication, and recovery of security incidents.
- Conduct post-incident reviews and update detection logic and processes accordingly.

Runbooks, Documentation & Continuous Improvement
- Maintain engineering runbooks, playbooks, and process documentation.
- Track SOC metrics and produce security operational dashboards.

Requirements

- Bachelor's degree in Cybersecurity/IT or equivalent experience.
- 2-4+ years in SOC, SIEM engineering, or detection/response roles.
- Experience building automation.
- Strong understanding of incident response and MITRE ATT&CK.
- Experience integrating MSSP feeds and third-party tools.
- Certifications such as SC-200, SC-100, AZ-500, Security+, CEH.
- Strong analytical and communication skills.
- Team-oriented with a positive and professional approach.

Preferred Qualifications:
- Hands-on experience with Microsoft Sentinel (KQL, analytics rules, workbooks, connectors).
- Hands-on experience with Microsoft Defender (Endpoint/XDR, Office 365, Identity).
- Scripting experience (PowerShell, Python).
- Experience building automation using Azure Logic Apps.
