MICROSOFT SENTINEL IMPLEMENTATION SECURITY ENGINEER

Duncan & Ross
Abu Dhabi
full-time
3 weeks ago

Description

We are seeking a skilled and proactive Microsoft Sentinel Implementation Security Engineer to lead the deployment, integration, and optimization of Microsoft Sentinel across hybrid cloud and on-premises environments. This role involves hands-on implementation, automation, and operational enablement of Sentinel SIEM / SOAR capabilities, ensuring seamless log ingestion, threat detection, and incident response.

Collector and Agent Configuration
- Set up and configure any required Sentinel collectors, e.g., Azure Monitor Agent (AMA), Syslog / CEF connectors, or custom collectors.
- Ensure high availability and redundancy of the log forwarding infrastructure.
- Document all collector configurations and network requirements (ports, protocols, firewall rules).

Log Source Onboarding and Data Connector Configuration
- Identify all existing log sources currently reporting to QRadar.
- Map each log source to the corresponding Microsoft Sentinel data connector.
- Enable and configure all required built-in data connectors (Syslog, CEF, AMA, API-based, etc.).
- Configure all initiatives and policies to ensure complete Sentinel coverage across all subscriptions.
- Configure diagnostic settings for Azure-native services / workloads to send logs to Sentinel.
- Set up event forwarding, agents, or collectors where required (e.g., AMA, log forwarders).

Parsing and Data Normalization
- Validate that all onboarded log sources are properly parsed and mapped to standard schemas (ASIM or Microsoft-recommended tables).
- Create or update custom parsers (Kusto function-based) if needed.
- Ensure enrichment fields and key attributes are properly extracted for security analytics.
- Implement logic to monitor log stoppages based on historical EPS (Events Per Second) for each onboarded device / log source.
- Configure alerts / workbooks in Sentinel for real-time visibility into ingestion issues.
- Automate EPS trend monitoring and anomaly detection (e.g., through Scheduled Analytics Rules or Logic Apps).

Use Case and Detection Logic Migration
- Perform gap analysis between QRadar rules / use cases and Sentinel Analytics Rules.
- Rebuild use cases in Sentinel using Kusto Query Language (KQL) for Analytics Rules, Hunting Queries, and Workbook visuals.
- Reconfigure alerting logic, severity, suppression, and incident creation behavior.
- Validate detection logic with test logs or simulations where possible.

Documentation and Handover
Maintain complete documentation of:
- Sentinel architecture and configuration
- Onboarded log sources and connectors
- Custom parsers and rules
- Use case mapping (QRadar to Sentinel)
- Monitoring and alerting configuration

Handover and Training
- Provide training / workshops to the internal SOC or engineering team on Sentinel management.
- Hand over all configuration artifacts and credentials.

Support and Post-Implementation Validation
- Assist in UAT (User Acceptance Testing) and fine-tuning of rules.
- Provide escalation support for any ingestion or detection issues.

Preferred Certifications
- Microsoft Certified: Security Operations Analyst Associate (SC-200)
- Microsoft Certified: Azure Security Engineer Associate
- Other relevant certifications (e.g., CISSP, CEH, CompTIA Security+)

Vertical Technology Security Engineer • Abu Dhabi, Abu Dhabi, United Arab Emirates

Posted: 7th July 2025 6.03 pm

Application Deadline: N/A
