Security Engineer Microsoft Defender

Posted 3 days 23 hours ago by Yacht

Permanent
Not Specified
Other
Noord-Holland, Amsterdam, Netherlands
Job Description

Position description

We are seeking a skilled Security Engineer with expertise in Microsoft Defender, endpoint security and threat management products to join our team. In this role, you will be responsible for tuning and optimizing security use cases across Microsoft 365 Defender, Sentinel, and other E5 capabilities, and for developing, maintaining, and optimizing security policies and procedures related to Microsoft Defender for Endpoint. You will be expected to deploy, test, and validate new policies to ensure seamless integration and deployment in the production environment.

Key Responsibilities:

  • Endpoint Policy Development, Use Case Tuning and Optimization:
    • Developing, maintaining, and optimizing security policies and procedures related to Microsoft Defender for Endpoint. Validate the policy's effectiveness and functionality before full deployment.
    • Design, implement, and refine security use cases across Microsoft E5 tools, including but not limited to Microsoft Sentinel, Defender for Endpoint, Entra Identity Protection, Defender for Identity, and Microsoft Defender for Cloud Apps.
  • Collaboration and Alignment:
    • Work closely with incident response, threat intelligence, and SOC teams to align detection use cases with evolving threat landscapes.
    • Collaborate with various business units to understand operational requirements and incorporate them into use case fine tuning.
  • Documentation and Training:
    • Document detection logic and tuning methodologies to ensure knowledge transfer and consistency.
    • Train team members on the effective use of tuned security configurations and tools.

Requirements
  • Bachelor's degree in Cybersecurity, Information Technology, or related field, or equivalent professional experience.
  • 3-5 years of experience in cybersecurity roles, with a focus on EDR and SIEM, detection engineering, policy implementation, or security monitoring.
  • Proficiency in Microsoft E5 security tools, including Sentinel and Defender Suite.
  • Strong knowledge of KQL (Kusto Query Language) for crafting Sentinel queries and detection rules.
  • Experience with SIEM tuning, reducing false positives, and incident investigation.
  • Familiarity with security frameworks like MITRE ATT&CK and NIST Cybersecurity Framework.

Preferred:

  • Microsoft certifications, such as SC-200 (Microsoft Security Operations Analyst) and AZ-500 (Azure Security Engineer Associate).
  • Experience in Microsoft Defender administration and tuning.
  • Strong understanding of threat hunting methodologies and advanced persistent threat (APT) tactics.
  • Ability to work independently and collaboratively in a fast-paced environment.