Security Software Engineer 2

With Microsoft Sentinel, Microsoft is redefining SIEM (Security Information and Event Management) for the cloud era. It leverages cutting-edge cloud technology, big data, machine learning and AI to empower Security Operations Centers to defend against increasingly sophisticated and rapidly evolving cyberthreats.

Our team is growing and we’re looking for a passionate Software Security Engineer to join us in our journey. This position is a unique opportunity to be part of a world class team, building one of the most exciting products in the cybersecurity space from the ground up.

We are looking for a passionate Software Security Engineer that will be part of a new team that will focus on building, enhancing, and supporting integrations and solutions on top of the Microsoft Sentinel platform - at scale. Building Microsoft Sentinel’s solutions include creating configuration-based integrations with other products to ingest data into Microsoft Sentinel, defining schemas, authoring new detections, building interactive dashboards, and automating incident response workflows via SOAR playbooks that help SOC analysts identify and respond to cyber threats.

If you are passionate about finding creative ways to leverage new technologies, customer obsessed and want to be part of a growing team and inspire others in this journey, then this is the role for you.

We are a global team that has a strong drive for results and believes that effective collaboration is how we all achieve more. This role requires cross-team and cross-geo collaboration. The ideal candidate should have a demonstrated track record of cross-team and customer engagement.

Responsibilities
• As a Security Engineer, you will be responsible for all aspects of Sentinel out of the box solutions including research, architecture, development, and implementation.
• Design, develop, test, and deliver high quality Sentinel solutions that help Sentinel customers in data normalization, detection, investigation and remediation of incidents, data visualizations, threat hunting, and analytics.
• Stay on top of SIEM, XDR and SOAR industry trends and contribute with new ideas to influence Microsoft Sentinel solutions and out of the box content.
• Work across teams in Microsoft Sentinel, Defender and in other geographies like Israel, United States to drive Sentinel solutions.
• Participate in periodic on-call rotations to handle service incidents, incident postmortem etc.

Qualifications

Required Qualifications:
• BS or MS degree in Computer Science or related engineering discipline.
• 3+ years of hands-on software design, developing, deploying, and coding experience with any one of the programming languages such as Python, Go, C# or Java
• 3+ years working in cyber security (Information Security, InfoSec, SecOps, Security Operations, SOC, CSOC, etc.) with experience in security engineering, data engineering, automation of analysis, response, or forensics.
• Hands on experience with many information security tools such as SIEM, XDR, EDR, Firewalls, IDS/IPS, DLP, Vulnerability Management, etc.

Preferred Qualifications
• Hands-on Experience in the development of automation or tools with at least one programming language.
• Skilled working in development of security content such as detections, data normalization (parsers), SOAR playbooks, and integrations between devices.
• Experience working with large data sets to answer complex questions, using tools like: SQL, KQL, U-SQL
• Hands-on experience building Azure-based services with Azure Resource Manager (ARM), ARM templates, ARM policy, IaaS, Logic apps, App services, KeyVault, Microsoft Entra ID etc.
• Experience in Product research such as understanding product features and integrations.
• Familiarity with SIEM / SOAR solutions such as Microsoft Sentinel, Splunk, QRadar etc.
• Understanding / experience with Playbooks, Workbooks, Analytic rules, Notebooks, Azure Functions and KQL queries within Microsoft Sentinel or similar experience in other SIEM solutions such as Splunk, QRadar will be a plus.
• Familiarity with developer environment tools like Continuous Integration/Continuous Delivery (CI/CD), Azure DevOps, GitHub, and Agile Scrum
• Ability to collaborate with different teams and disciplines.
• Must be a quick learner and expectation to learn new tools and techniques every day.
• Excellent problem solving, analytical and debugging skills.
• Good written and verbal communication skills
• Exposure in migration from one SIEM to another SIEM will be a plus
• Having security industry certifications like CISSP, CCSP, AZ-500 etc. will be a plus

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, *** (including pregnancy), ****** orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations