Description
Microsoft Security - Defender Sentinel - Hybrid - Outside IR35
IT Security Engineer responsible for supporting the deployment of Microsoft Defender to all endpoints globally.
Support deployment of Microsoft Defender to all endpoints (Servers, Laptops and Desktops).
Ensure that the policies applied to the endpoints offer equivalent protection to current tools.
Ensure that the deployment is performed in line with the bank's policies and procedures.
Ensure that the correct level of monitoring and alerting is configured in Microsoft Sentinel.
Remediate issues that arise in the deployment of Microsoft Defender.
Knowledge/Experience
Proven experience as a Security Engineer with a focus on endpoint security.
Previous experience deploying Microsoft Defender.
Relevant Microsoft Certifications.
Excellent problem-solving skills and the ability to troubleshoot complex security issues.
Strong understanding of cybersecurity principles, threat landscapes & mitigation strategies.
Experience with endpoint management and security tools.
Understanding and implementation of the IT Security environment, policies, guidelines and standards, including awareness of ISO 27001/2.
Expertise with EDR, vulnerability management, the MITRE ATT&CK framework and incident response.
Expert knowledge of Microsoft Defender (including Defender XDR), including policy configuration and ASR rules.
Experience deploying Microsoft Defender via Microsoft Intune, SCCM and Azure Arc.
Experience with Microsoft Sentinel, including integration and advanced query writing using KQL (Sentinel Analytics, Hunts and Notebooks).
Experience managing Sentinel log ingestion (Azure Monitor Agent, DCRs, Logstash).
Experience with other SIEM technologies (LogRhythm).
Experience with McAfee/Trellix (removal from endpoints).
Knowledge of integrating Sentinel with ServiceNow.
Sentinel Use Case development.