The Sentinel Content Engineer is responsible for designing implementing tuning and maintaining Microsoft Sentinel content to enable effective detection response and automation within the Client Security Operations Center (CSOC). This role ensures that Sentinel provides high-fidelity detections automated response capabilities and actionable dashboards aligned with the threat landscape and client requirements. The engineer works closely with SOC analysts (L1/L2) threat intelligence teams and client stakeholders to develop and continuously improve security use cases analytics rules and playbooks.
In this role you'll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers) where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology.
Security Consultant - Intelligence & Operations
β’ Microsoft Sentinel Expertise β’ Strong hands-on experience with Microsoft Sentinel (SIEM + SOAR). β’ Proficiency in KQL (Kusto Query Language) for writing and optimizing queries. β’ Experience with Logic Apps for playbook creation and orchestration. β’ Familiarity with Microsoft security stack (Defender EOP Azure Security Center). β’ Detection & Response Engineering β’ Ability to translate threat intelligence and MITRE ATT&CK techniques into detection logic. β’ Experience tuning detections to balance coverage and noise reduction. β’ Knowledge of incident response workflows and SOC operations. β’ Automation & Scripting β’ Proficiency with PowerShell Python or other scripting languages for automation. β’ Experience with API integrations (REST Graph API). β’ Log Management & Data Analysis β’ Understanding of common log sources (Windows Event Logs network devices cloud services). β’ Experience with log normalization parsing and schema mapping (ASIM). β’ Soft Skills & Behavioral Competencies β’ Strong problem-solving and analytical mindset. β’ Ability to communicate complex technical concepts to analysts and stakeholders. β’ Proactive in identifying improvements and proposing new detection/automation content. β’ High attention to detail with commitment to documentation and knowledge sharing.
β’ Bachelorβs degree in Cybersecurity Computer Science or equivalent experience. β’ 3β5 years of experience in SOC SIEM engineering or security content development. β’ Microsoft Security certifications preferred: o SC-200 (Microsoft Security Operations Analyst) o SC-100 (Microsoft Cybersecurity Architect) o AZ-500 (Azure Security Engineer Associate) β’ Other security certifications a plus (GCIA GCTI Splunk Certified etc.).