Sentinel Security Specialist | DM2024CS0901


Job details
  • Mindverse Consulting Services
  • London
  • 1 week ago

This is a remote position.

Job Summary

Our customer requires third-party expertise in Microsoft Sentinel skills to define, build and test security use cases in collaboration with the wider security functions defined in the operating model.

These third-party engineering services will coordinate with team members across Secure Place, Comms and Collab, and SMI. These are the key stakeholders defined in the Cyber SOC Factory Model and the primary contributors to, and users of, its inputs and outputs. Together with various other product and operational teams, they will discover and prioritise security use cases through analysis of the data sources being ingested into the customer’s Microsoft Sentinel instance. This will ensure they have relevant mitigating controls in place for risks and control gaps defined as part of our Security Risk Management process.

THIS IS A SoW-BASED ENGAGEMENT, AND PAYMENTS ARE ON A MILESTONE BASIS, I.E., AGAINST A CUSTOMER-APPROVED DELIVERY NOTE FOR EACH MILESTONE.

Responsibilities & Duties

Procure Security Engineering support to undertake the tasks to define and build security use cases within MS Sentinel by analysing data sources and events from across all of the customer’s integrating products, with a built-in knowledge transfer element to pass knowledge and skills to the customer’s engineering colleagues. Work will be outcome based and payments will be tied to delivery milestones.

Strategic:

- Analyse the customer’s requirements and priorities to collaborate in delivering against their wider strategic roadmap
- Help configure and develop the customer’s Azure Subscription that hosts their Sentinel production instance
- Mature the customer’s monitoring, alerting, hunting and reporting based on data ingested into Sentinel (specifically on Azure/M365 logs)
- Improve the customer’s security status by reducing risks and attacks against their Azure / M365 environments
- Help discover threat vectors to the customer’s Azure / M365 environments
- Provide guidance on how best to meet industry best practices for the deployment and operational live service of Sentinel

Tactical:

- Co-Design, Develop, Deploy and Review Sentinel Analytics rules
- Co-Design, Develop, Deploy and Review Sentinel Workbooks and Notebooks
- Co-Design, Develop, Deploy and Review Sentinel automation and integration playbooks
- Configure and optimise (health and cost) our Sentinel connected Log Analytics Workspace
- Co-Design, Develop, Deploy and Review our Syslog Connector

Essential Skills

• Prior experience in analysing the customer’s requirements and priorities to collaborate in delivering against our wider strategic roadmap
• Prior experience in configuring and developing an Azure Subscription that hosts the customer’s Sentinel production instances
• Excellent in monitoring, alerting, hunting and reporting based on data ingested into Sentinel (specifically on Azure/M365 logs)
• Prior expertise in providing customer’s security status by reducing risks and attacks against the customer’s Azure/M365 environment
• Discovering threat vectors to the customer’s Azure / M365 environment
• Co-Design, Develop, Deploy and Review Sentinel Analytics rules
• Co-Design, Develop, Deploy and Review Sentinel Workbooks and Notebooks
• Co-Design, Develop, Deploy and Review Sentinel automation and integration playbooks
• Configure and optimise (health and cost) the customer’s Sentinel connected Log Analytics Workspace
• Co-Design, Develop, Deploy and Review our Syslog Connector
• Experience using security products such as XDR, EDR, IDS/IPS, SOAR
• Deep understanding of risk assessment and management methods
• Experience working with various multi-disciplined teams in an agile manner
• Regulatory compliance experience such as GDPR, NIST, ISO 27001
• Proficiency in KQL for advanced query writing
• Proven ability in designing, developing and automating incident response playbooks
• Experience securing environments across multiple cloud providers

Nice to have Skills

• Producing technical documentation in alignment with organisational standards
• Taking the lead during technical workshops to define specific use case requirements
• Highlighting technical or process dependencies and working with business stakeholders to negotiate resolutions
• Proposing optimal reporting methods of delivered security use cases to demonstrate control effectiveness
• Knowledge of ITSM products such as ServiceNow
• Experience in designing and implementing machine learning models or advanced analytics for anomaly detection
• Knowledge of other SIEM platforms
• Experience in leading or managing a SOC, with a deep understanding of SOC workflows, KPIs and operational challenges
• Knowledge of securing containerised environments

Background Check Required

Not Required

Benefits

• Weekly Hours: 40 Hours
• Day Rate: £825.00 plus VAT, on an all-inclusive basis
• Overtime: Yes (subject to project manager’s written approval)
• Expenses Allowed: No
• Extension: Possible
• Language: Fluent in English
• IR35 regulation applicable

Additional Assessment

• Interview
• Presentation

Evaluation Weighting

• Technical competence - 60%
• Cultural fit - 20%
• Price - 20%


