Security Operations Engineer - Cybersecurity Focus

- Design, deploy, and refine detections in Microsoft Sentinel, including analytic rules, workbooks, watchlists, and automation through Logic Apps and Playbooks. - Develop incident response runbooks and orchestration processes for triage, enhancement, and response leveraging Sentinel automation. - Oversee log onboarding pipelines, data connectors, and normalization within Log Analytics to ensure comprehensive coverage of in-scope resources. - Perform daily SecOps activities including alert triage, investigations, threat hunting, containment, and reviews post-incident. - Utilize Defender for Cloud, Defender for Cloud Apps, Entra ID Protection, and Microsoft Defender XDR signals to detect and address threats. - Maintain documentation of evidence and audit-ready case records, supporting POA&M entries and necessary corrective actions. - Address misconfigurations and enforce control measures utilizing recommendations from Defender for Cloud, Secure Score, and Azure Policy. - Collaborate with platform engineering to fix vulnerabilities and manage configuration drift, ensuring timely closures aligned with FedRAMP standards. - Maintain baseline guardrails via Azure Policy and Blueprints, while overseeing compliance and exceptions through Continuous Monitoring reporting. - Establish and implement least-privilege access protocols with Entra ID, PIM, Conditional Access, RBAC, and managed identities. - Coordinate the use of FIPS 140-2 validated cryptography via Key Vault and ensure that encryption standards for both data at rest and in transit are met and demonstrable. - Manage Azure Firewall, NSGs, Private Link, and DDoS Protection, monitoring for and rectifying anomalies. - Ensure complete logging and telemetry for network controls are retained, accessible, and analyzable within Sentinel. - Produce monthly and quarterly artifacts for Continuous Monitoring and uphold necessary supporting evidence. - Update detection coverage documentation, control implementation narratives, and operational runbooks as environmental changes occur. - Work closely with compliance stakeholders and assessors, facilitating interviews, gathering evidence, and tracking remediation efforts. - Integrate security checks seamlessly into CI/CD pipelines using native solutions and support policy adherence and validation. - Uphold rigorous change management protocols, ensuring all modifications are recorded accurately in the SSP, control evidence, and detection measures.