Microsoft Sentinel Expert | Immediate Joiner

Riyadh, Saudi Arabia. Posted: 20 Oct 2025

Financial

  • Estimate: $90k - $130k*
  • Zero income tax location

Accessibility

  • Hybrid
  • Apply from abroad
  • Visa Provided

Requirements

  • Experience: Senior
  • English: Professional

Position

We are seeking a highly skilled Microsoft Sentinel Expert to lead and manage security information and event management (SIEM) solutions across our enterprise environment. The ideal candidate will have in-depth knowledge and hands-on experience with Microsoft Sentinel and Azure security technologies, and will play a key role in threat detection, incident response, and improving the overall security posture.

Location: Riyadh, Saudi Arabia
Work Conditions: Hybrid, Full-time

Key Responsibilities:

  • Design, implement, and manage Microsoft Sentinel SIEM solutions across hybrid and multi-cloud environments.
  • Develop and optimize analytic rules, playbooks, workbooks, and custom connectors to support advanced threat detection and response.
  • Integrate Sentinel with Azure Defender, Microsoft 365 Defender, Microsoft Purview, and third-party tools.
  • Perform threat hunting, investigation, and incident response using Sentinel.
  • Implement Log Analytics and ensure effective log ingestion and parsing for relevant sources (firewalls, endpoints, applications, etc.).
  • Conduct periodic tuning of rules to minimize false positives and improve detection accuracy.
  • Create custom dashboards and reports for SOC and executive stakeholders.
  • Stay up to date with Microsoft security product updates, threat intelligence, and industry best practices.
  • Collaborate with SOC analysts, security engineers, and IT teams for continuous improvement.

Qualifications:

  • Bachelor’s degree in Computer Science, Information Security, or a related field.
  • Minimum 5 years of experience in cybersecurity, with at least 3 years in SIEM solutions.
  • Proven experience specifically in Microsoft Sentinel implementation, configuration, and administration.
  • Solid knowledge of Kusto Query Language (KQL).
  • Experience with Azure Monitor, Log Analytics, Azure Security Center, and Microsoft Defender XDR.
  • Understanding of MITRE ATT&CK, threat intelligence, and incident response frameworks.

Technical Skills:

  • Microsoft Sentinel (SIEM)
  • Kusto Query Language (KQL)
  • Azure Security Center / Defender for Cloud
  • Microsoft 365 Defender, Defender for Endpoint
  • Azure Logic Apps (Playbooks)
  • Security Operations / Threat Hunting
  • Log ingestion and normalization
  • SOAR platforms and automation

Functional Skills:

  • Strong analytical and problem-solving capabilities
  • Strong experience in Microsoft Sentinel deployment and configuration
  • Hands-on experience in SIEM integration projects
  • Effective communication and reporting skills
  • Ability to work under pressure in fast-paced environments
  • Collaborative mindset with cross-functional teams

Preferred Certifications:

  • Microsoft Certified: Security Operations Analyst Associate
  • Microsoft Certified: Azure Security Engineer Associate
  • SC-200: Microsoft Security Operations Analyst
  • SC-100: Microsoft Cybersecurity Architect