We are seeking a highly skilled Microsoft Sentinel Expert to lead and manage security information and event management (SIEM) solutions across our enterprise environment. The ideal candidate will have in-depth knowledge and hands-on experience with Microsoft Sentinel and Azure security technologies, and will play a key role in threat detection, incident response, and improving the overall security posture.
Ready to apply for roles like this?
Unlock the company name and direct application link. Subscribers get instant access to fresh jobs across Dubai, Abu Dhabi and Riyadh, many with visa support.
Unlock employer & apply directly
Location: Riyadh, Saudi Arabia
Work Conditions: Hybrid, Full-time
Key Responsibilities:
- Design, implement, and manage Microsoft Sentinel SIEM solutions across hybrid and multi-cloud environments.
- Develop and optimize analytic rules, playbooks, workbooks, and custom connectors to support advanced threat detection and response.
- Integrate Sentinel with Azure Defender, Microsoft 365 Defender, Microsoft Purview, and third-party tools.
- Perform threat hunting, investigation, and incident response using Sentinel.
- Implement Log Analytics and ensure effective log ingestion and parsing for relevant sources (firewalls, endpoints, applications, etc.).
- Conduct periodic tuning of rules to minimize false positives and improve detection accuracy.
- Create custom dashboards and reports for SOC and executive stakeholders.
- Stay up to date with Microsoft security product updates, threat intelligence, and industry best practices.
- Collaborate with SOC analysts, security engineers, and IT teams for continuous improvement.
Qualifications:
- Bachelor’s degree in Computer Science, Information Security, or a related field.
- Minimum 5 years of experience in cybersecurity, with at least 3 years in SIEM solutions.
- Proven experience specifically in Microsoft Sentinel implementation, configuration, and administration.
- Solid knowledge of Kusto Query Language (KQL).
- Experience with Azure Monitor, Log Analytics, Azure Security Center, and Microsoft Defender XDR.
- Understanding of MITRE ATT&CK, threat intelligence, and incident response frameworks.
Technical Skills:
- Microsoft Sentinel (SIEM)
- Kusto Query Language (KQL)
- Azure Security Center / Defender for Cloud
- Microsoft 365 Defender, Defender for Endpoint
- Azure Logic Apps (Playbooks)
- Security Operations / Threat Hunting
- Log ingestion and normalization
- SOAR platforms and automation
Functional Skills:
- Strong analytical and problem-solving capabilities
- Strong experience in Microsoft Sentinel deployment and configuration
- Hands-on experience in SEIM integration projects
- Effective communication and reporting skills
- Ability to work under pressure in fast-paced environments
- Collaborative mindset with cross-functional teams
Preferred Certifications:
- Microsoft Certified: Security Operations Analyst Associate
- Microsoft Certified: Azure Security Engineer Associate
- SC-200: Microsoft Security Operations Analyst
- SC-100: Microsoft Cybersecurity Architect