Microsoft Sentinel Administrator

- Administer, configure, and uphold Microsoft Sentinel in a federal or enterprise setting. - Oversee Sentinel workspaces, data connectors, analytics rules, watchlists, workbooks, automation rules, and playbooks. - Configure and resolve issues with log ingestion from Microsoft and third-party sources, including Microsoft Defender XDR and other security platforms. - Create, refine, and manage KQL queries aimed at threat detection, investigative activities, dashboards, and reporting. - Develop and enhance analytics rules for improved detection accuracy and to minimize false positives. - Support Security Operations Center (SOC) operations by optimizing alert triage, escalation workflows, case management, and incident response procedures. - Construct and maintain Microsoft Sentinel workbooks and dashboards for operational and compliance reporting. - Design and support automation initiatives using Logic Apps, playbooks, and workflow integrations. - Provide assistance with threat hunting, security investigations, and root cause analysis. - Integrate Microsoft Sentinel with other Microsoft security solutions when applicable. - Champion Zero Trust and cloud security monitoring initiatives. - Document configurations, standard operating procedures, detection logic, playbooks, and changes. - Participate in change management and security control validation activities. - Monitor performance, data utilization, retention, and ingestion trends within Sentinel. - Suggest enhancements to detection coverage, log source onboarding, automation, and SOC maturity. - Partner with Zvolvant AI and cybersecurity teams to explore AI-enabled security operations capabilities.