Who we are
NTT DATA Romania is looking for passionate Engineers to design and improve security solutions and to offer architecture consultancy within various projects and activities.
We are seeking a highly skilled and experienced Microsoft Sentinel Engineer at the senior level to join our dynamic team.
What you'll be doing
- Design, implement, and maintain Microsoft Sentinel deployments, ensuring optimal configuration, data ingestion quality, and alignment with organizational security objectives.
- Create, refine, and optimize detection rules, analytics, workbooks, and dashboards to support effective monitoring of cloud, hybrid, and on-premises environments.
- Develop advanced KQL queries to support threat detection, hunting, reporting, and operational efficiency.
- Build and maintain SOAR playbooks using Logic Apps to automate triage, response actions, and workflow orchestration.
- Lead threat hunting initiatives leveraging Microsoft Sentinel, Defender XDR suite data, and relevant threat intelligence sources.
- Produce comprehensive documentation, including use cases, detection logic, response procedures, runbooks, and architectural diagrams.
- Collaborate with SOC analysts, security engineers, cloud teams, and application owners to ensure cohesive incident response and coordinated remediation activities.
- Oversee the integration of new log sources, ensuring proper mapping, normalization, and adherence to governance and compliance standards.
- Conduct continuous tuning and performance optimization of alerts, analytic rules, and data connectors to improve signal-to-noise ratio.
- Provide guidance, mentorship, and technical leadership to junior team members and cross-functional IT staff.
What you'll bring along
- Linux proficiency.
- Ansible/Terraform literate.
- Available for 24x7 on-call duty.
- Effective communication and documentation skills (Visio preferred; any other diagramming tool is accepted).
- Bachelor’s degree in Information Security, Cybersecurity, Computer Science, or related field.
- Minimum 5-10 years of experience in a similar role.
- Extensive hands-on experience administering and engineering solutions within Microsoft Sentinel, including custom analytics, automation, and log management.
- Strong proficiency in KQL with the ability to craft complex queries for detection, investigation, and reporting.
- Deep understanding of security monitoring, threat detection methodologies, and incident response practices.
- Deep understanding of log source onboarding in Sentinel.
- Practical experience with Microsoft Defender XDR solutions (Defender for Endpoint, Identity, Office 365, and Cloud Apps).
- Familiarity with cloud-native security architecture, particularly Azure services, identity management, and network security controls.
- Ability to translate technical concepts into clear, actionable guidance for various levels of stakeholders.
- Relevant certifications (e.g., SC-200, SC-100, AZ-500, CISSP, GIAC certifications).
- Experience integrating Sentinel with third-party log sources, SIEM platforms, and security tools.
- Knowledge of Python, Bash, PowerShell, or similar scripting languages to support automation and custom integrations.
- Background in SOC operations, threat hunting, detection engineering, or cloud security.
- Languages: English is mandatory; German is an advantage.