SIEM Automation Engineer

SIEM Automation Engineer - Leading Microsoft MSSP

An opportunity to work with one of the top 1% Microsoft MSSPs globally, where cutting-edge security solutions meet expert cyber defense. With a 16-person SOC team, this role offers the chance to automate, optimize, and strengthen security operations at scale.

A key position within a world-class MSSP, leveraging Microsoft Sentinel, Defender for Endpoint, and KQL to enhance threat detection, response, and security automation. Responsibilities include developing automated security workflows, streamlining investigations, and advancing proactive defense strategies.

Key Responsibilities:

• Design and implement automation workflows within Microsoft Sentinel for enhanced security operations.

• Monitor and respond to security incidents and alerts, ensuring the protection of our clients' data and infrastructure.

• Conduct in-depth threat hunting and forensic investigations using KQL.
• Optimize security processes with Defender for Endpoint to detect, contain, and remediate threats.
• Collaborate with security analysts, engineers, and SOC teams to develop automated responses to cyber threats.
• Continuously improve security monitoring strategies and contribute to the overall SIEM architecture.

Experience required:

• Proven experience working with Microsoft Sentinel and Defender for Endpoint.
• Strong proficiency in KQL for deep threat hunting and security analytics.
• Knowledge of SIEM automation, playbooks, and integrations.
• Experience in cybersecurity operations, threat detection, and incident response.
• Passion for security automation and proactive cyber defense strategies.

Paying up to 60k + on-call (65k total package)

Remote based.

Must be eligible for SC