About the Job:

The Security Engineer ll – Microsoft Sentinel & Defender XDR plays a critical engineering role within Cyderes' Managed Sentinel SIEM and MDR services.

You will go beyond basic platform administration. The Security Engineer ll is responsible for detection engineering, platform optimization, onboarding lifecycle execution, and Defender XDR integration. You will be a trusted technical resource to clients, ensuring you configure, improve, and improve their Microsoft security ecosystem. You will represent and promote the Cyderes brand by collaborating to exceed client expectations.

Responsibilities:

Platform Engineering & Administration

• Support intake process including coverage for Eastern Standard Time business hours.
• Administer and maintain Microsoft Sentinel and Defender XDR environments across managed clients
• Perform health monitoring of:
  
• Log ingestion pipelines
• Data connector status
• Automation guides
• Analytics rule performance
• Monitor ingestion volumes and support cost optimization projects
• Help with tenant standardisation across multi-client MSSP environments

Log Source Onboarding & Integration

• Onboard new data sources into Microsoft Sentinel following established SOPs:
  
• Validate connectivity
• Confirm correct parsing and schema normalisation
• Ensure events are visible and queryable in Log Analytics
• Integrate Microsoft Defender data sources:
  
• Defender for Endpoint
• Defender for Identity
• Defender for 365
• Defender for Cloud Apps
• Validate data integrity and entity mapping
• Troubleshoot ingestion or connector issues across Azure and third-party integrations

Detection Engineering & Use Case Development

• Develop analytics rules (Scheduled, NRT, Fusion)
• Create and tune detection logic using KQL
• Reduce false positives through structured tuning and rule refinement
• Map detections to MITRE ATT&CK framework
• Improve alert fidelity and correlation between Defender XDR and Sentinel
• Maintain dashboards, workbooks, and reporting artefacts
• Help build reusable hunting and detection libraries

Monitor & Incident Support

• Monitor Sentinel and Defender XDR alerts
• Perform Tier 2 evaluation and investigation of escalated alerts
• Provide clear documentation and escalation to MDR/SOC teams
• Support cause investigations for platform or telemetry issues
• Help with containment automation where applicable

Automation & SOAR

• Develop Azure Logic App guides
• Automate response actions such as:
  
• Device isolation
• User disablement
• IP blocking
• Ticket creation
• Follow change management processes for configuration updates
• Test changes in lower environments when applicable

Documentation & Continuous Improvement

• Contribute to:
  
• Runbooks
• Standard operating procedures
• Onboarding checklists
• Detection documentation
• Document false positives and data quality issues
• Provide tuning feedback to senior engineers and architecture teams
• Stay current on Microsoft security roadmap changes

Participate in internal training and knowledge-sharing sessions

Requirements

Education

• Diploma or Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field (or equivalent experience)

Experience

• 3–5 years of experience in IT security, SOC, or security engineering roles
• Minimum 2 years hands-on experience with Microsoft Sentinel
• Experience with Microsoft Defender XDR suite
• Experience in MSSP or customer-facing environments
• Exposure to multi-tenant environments (Azure Lighthouse)

Technical Skills

• Working knowledge of:
  
• Microsoft Sentinel
• Microsoft Defender XDR
• Azure Log Analytics
• Proficiency in KQL
• Understanding of:
  
• Windows & Linux logs
• Azure AD / Entra ID
• Networking fundamentals (TCP/IP, ports, firewalls, or proxies)
• Authentication and authorization models
• Experience with:
  
• Azure Logic Apps
• REST APIs
• PowerShell or Python scripting
• Understanding of MITRE ATT&CK framework
• Familiarity with MDR operational workflows

Certifications

• SC-200 (Microsoft Security Operations Analyst)
• AZ-500 (Azure Security Engineer)
• SC-100 (Cybersecurity Architect)
• Security+
• Relevant Microsoft Defender certifications

Soft Skills

• Document investigations and platform changes thoroughly
• Customer-focused mindset
• Balance operational and engineering responsibilities