The Sentinel Content Engineer is responsible for designing, implementing, tuning, and maintaining Microsoft Sentinel content to enable effective detection, response, and automation within the Client Security Operations Center (CSOC). This role ensures that Sentinel provides high-fidelity detections, automated response capabilities, and actionable dashboards aligned with the threat landscape and client requirements. The engineer works closely with SOC analysts (L1/L2), threat intelligence teams, and client stakeholders to develop and continuously improve security use cases, analytics rules, and playbooks.
Your Role And Responsibilities
Key Responsibilities / Tasks
Detection Engineering
- Develop and maintain Sentinel analytics rules using KQL (Kusto Query Language).
- Translate client requirements and threat intelligence into detection use cases.
- Tune existing rules to reduce false positives while maintaining coverage.
- Map detections to MITRE ATT&CK framework for coverage reporting.
- Design, implement, and maintain Logic Apps playbooks for automated response and enrichment.
- Integrate playbooks with external systems (ticketing platforms, TI feeds, EDR, proxy, MISP, etc.).
- Work with analysts to automate repetitive tasks (e.g., enrichment, notification, containment actions).
- Establish and follow a content development lifecycle (design, test, deploy, maintain).
- Maintain proper version control, documentation, and rollback procedures.
- Regularly review and update detection and automation based on lessons learned from incidents.
- Onboard log sources into Sentinel (Azure, Microsoft 365, EDR, firewall, proxy, custom apps).
- Ensure data connectors and normalization follow Sentinel’s schema (ASIM).
- Work with client infrastructure teams to resolve ingestion issues and data gaps.
- Create Sentinel workbooks and dashboards for operational monitoring and executive reporting.
- Provide SOC metrics, KPIs, and threat visibility dashboards for clients and leadership.
- Work with SOC L2/L3 analysts to refine detection and response workflows.
- Incorporate threat intelligence feeds and client-specific IoCs into Sentinel content.
- Proactively identify gaps in monitoring coverage and propose improvements.
- Support security incident investigations by providing query expertise and custom rules.
Microsoft Sentinel Expertise
- Strong hands-on experience with Microsoft Sentinel (SIEM + SOAR).
- Proficiency in KQL (Kusto Query Language) for writing and optimizing queries.
- Experience with Logic Apps for playbook creation and orchestration.
- Familiarity with Microsoft security stack (Defender, EOP, Azure Security Center).
Detection & Response Engineering
- Ability to translate threat intelligence and MITRE ATT&CK techniques into detection logic.
- Experience tuning detections to balance coverage and noise reduction.
- Knowledge of incident response workflows and SOC operations.
Automation & Scripting
- Proficiency with PowerShell, Python, or other scripting languages for automation.
- Experience with API integrations (REST, Graph API).
Log Management & Data Analysis
- Understanding of common log sources (Windows Event Logs, network devices, cloud services).
- Experience with log normalization, parsing, and schema mapping (ASIM).
Soft Skills & Behavioral Competencies
- Strong problem-solving and analytical mindset.
- Ability to communicate complex technical concepts to analysts and stakeholders.
- Proactive in identifying improvements and proposing new detection/automation content.
- High attention to detail with commitment to documentation and knowledge sharing.
- Bachelor’s degree in Cybersecurity, Computer Science, or equivalent experience.
- 3–5 years of experience in SOC, SIEM engineering, or security content development.
- Microsoft Security certifications preferred:
  - SC-200 (Microsoft Security Operations Analyst)
  - SC-100 (Microsoft Cybersecurity Architect)
  - AZ-500 (Azure Security Engineer Associate)
- Other security certifications a plus (GCIA, GCTI, Splunk Certified, etc.).
Join IBM and take your career to the next level!