Looking for a Microsoft Security Suite (Sentinel/ Defender) Professional
Upwork

Remote
•3 weeks ago
About
Hello 🙂 I’m looking for a Microsoft Security Suite Professional / Security Engineer to provide remote advisory and configuration assistance for our Microsoft Sentinel/Defender/Purview environment. Due to recent restructuring, we're short-staffed and need someone to assist me, as I lack time to work on multiple projects at the same time. We're an educational organization and do have an external 24/7 SOC. You will NOT be clearing alarms or incidents. I need someone to help me optimise and refine our current Security Operations capabilities.

You will provide documented steps and configurations/queries (NO direct system access will be provided) for:
-- Sentinel Automation, where you will design and provide the logic/code/queries for Sentinel Playbooks (Logic Apps) and Automation Rules.
-- Cost Optimization by reviewing current data ingestion and retention policies to recommend and document actionable steps for optimizing Sentinel/Log Analytics costs.
-- Develop and test new KQL-based Analytic Rules to enhance threat detection coverage.
-- Log Ingestion from various sources (like Syslog, CEF, custom connectors) into Sentinel.
-- Other stuff like risk assessment for a component/widget/plugin etc. if you're comfortable with that.

This is not a beginner role. While I can do these activities myself, I lack time at this stage. You absolutely need to have recent, hands-on experience with Microsoft Sentinel/Defender Suite (e.g., Defender for Endpoint, Cloud), Microsoft Purview, Kusto Query Language (KQL), and Azure Logic Apps / Playbooks for security automation.

Important:
-- This is a consulting/documentation role. No direct access to the environment is granted.
-- You will work with me, another cybersecurity professional.
-- You'll most likely be assigned a task/objective - which could be creating automations/analytics rules/playbooks - which you will complete, providing the documented deliverables.
-- Initially it will be a few hours each week but has the potential to increase. Please advise on your availability and your hourly rate.
-- I understand you may not meet all my requirements, but I am still interested to hear from you if you meet most.

Please reach out with the stuff you have done, like playbooks created, automation, analytics rules created. Thanks!
Adzuna



