Microsoft Defender

Job Title: Microsoft Defender & Sentinel Security Engineer

Location: Bulgaria

Experience: 5–10+ years

Preferred Certifications:

• Microsoft Certified: Security Operations Analyst Associate (SC-200)
• Microsoft Certified: Azure Security Engineer Associate (AZ-500)

Position Summary:

We are seeking a highly skilled and proactive Microsoft Defender & Sentinel Security Engineer to design, deploy, and manage advanced Microsoft security solutions across hybrid cloud environments.

This role focuses on implementing integrated threat detection, response, and monitoring capabilities using Microsoft Defender for Server and Microsoft Sentinel. The ideal candidate will bring a deep understanding of Microsoft's security ecosystem, automation workflows, and incident response best practices to ensure robust protection and visibility across on-premises and cloud infrastructure.

Key Responsibilities:

Microsoft Defender for Server:

• Deploy and configure Microsoft Defender for Endpoint (MDE) across Windows and Linux servers in on-premises and hybrid environments.
• Integrate Defender for Endpoint, Defender for Identity, and Defender for Servers into the broader enterprise security architecture.
• Build and manage automated incident response playbooks using Logic Apps and Microsoft Defender XDR.
• Utilize Advanced Hunting and Kusto Query Language (KQL) to investigate threats and analyze telemetry data.
• Optimize attack surface reduction rules, EDR policies, and vulnerability management configurations.
• Ensure continuous compliance with organizational security standards and regulatory requirements.

Microsoft Sentinel:

• Deploy and configure Microsoft Sentinel to enable real-time security monitoring across hybrid and multi-cloud environments.
• Configure Log Analytics Workspaces and manage data connectors for security log ingestion from diverse sources.
• Implement and tune Syslog, Common Event Format (CEF), and Windows Event Forwarding (WEF) integrations for security appliances and servers.
• Develop and refine KQL queries for anomaly detection, incident investigation, and threat analysis.
• Create dashboards, workbooks, and executive reports to visualize key security insights.
• Define and manage alerting rules, analytics rules, and automated response playbooks to improve detection and mitigation workflows.

Technical Skills & Expertise:

Microsoft Defender Suite:

• Defender for Endpoint (MDE)
• Defender for Identity
• Defender for Servers
• Microsoft Defender XDR
• Logic Apps for automation and orchestration

Microsoft Sentinel:

• Sentinel deployment and configuration
• Log Analytics Workspace setup and management
• Data ingestion via Syslog, CEF, and WEF
• KQL-based advanced threat hunting and reporting
• Workbook and dashboard creation
• Alert rule and incident response automation

Security Operations & Integration:

• SIEM/SOAR integration and use-case development
• Threat detection, investigation, and response workflows
• Integration with Microsoft Entra ID (Azure AD), Intune, and other M365 security tools

Scripting & Automation:

• PowerShell, Azure CLI, and ARM templates
• Logic Apps and Azure Functions for process automation

Compliance & Governance:

• Familiarity with NIST, ISO 27001, CIS Benchmarks, and similar frameworks
• Experience operating in regulated industries (e.g., BFSI, healthcare, government)

Preferred Qualifications:

• Bachelor's or Master's degree in Cybersecurity, Computer Science, or related discipline
• Microsoft certifications: SC-200, AZ-500 (preferred)
• Experience managing hybrid cloud environments (Azure, AWS, on-premises)
• Knowledge of the MITRE ATT&CK framework for adversary behavior analysis

Soft Skills:

• Strong analytical, investigative, and problem-solving abilities
• Excellent communication and documentation skills
• Ability to work independently and collaboratively in fast-paced environments
• Proactive, detail-oriented mindset with focus on continuous improvement and automation

Job Types: Full-time, Contract, Permanent