Microsoft Sentinel Architect

Microsoft Sentinel Architect
Location: Remote

Job Summary

Design, deploy, and optimize Microsoft Sentinel (Azure's cloud-native SIEM/SOAR) architectures to enable enterprise threat detection, investigation, and automated response across hybrid/multi-cloud environments. Partner with SecOps, IT, and compliance teams to align Sentinel with business risks, scaling for high-volume data ingestion and real-time analytics.

Key Responsibilities

• Architect Sentinel workspaces, data connectors (Azure AD, Office 365, AWS, on-prem via AMA/Agents), and ingestion pipelines for logs, EDR, network flows, and third-party sources.
• Design analytics rules, KQL queries, workbooks, and ML-based anomaly detection for threat hunting, UEBA, and attack surface coverage.
• Build SOAR playbooks with Azure Logic Apps for automated triage, enrichment, and orchestration (e.g., integrate with ServiceNow, Teams, external APIs).
• Lead PoCs, migrations (e.g., from Splunk/QRadar), cost optimization (Log Analytics retention, commitments), and scalability for 10TB+/day ingestion.
• Integrate with Defender XDR, Azure security stack (Purview, AD, NSG), and partner ecosystems; establish governance for RBAC, data classification, and compliance reporting.
• Mentor SecOps teams on KQL, entity behaviour, incident management; create dashboards/metrics for hunting maturity and provide executive briefings.

Required Qualifications

• 10+ years in cybersecurity/SecOps, 3+ years hands-on with Sentinel including KQL mastery, workspace design, and playbook development.
• Deep Azure knowledge (Log Analytics, AD, Defender, Purview) plus SIEM experience (Splunk, Elastic); scripting in PowerShell/Python/BASH.
• Proven delivery of Sentinel deployments at enterprise scale with focus on performance tuning, cost control, and false positive reduction.