We are looking for a Microsoft Security Engineer to work within the Cloud Security and Platform Operations team. The engineer is responsible for the secure operation and improvement of the Microsoft Security Platform. The role focuses on designing, implementing, and managing security monitoring using Microsoft Sentinel, Azure Monitor, Azure Log Analytics, and Azure Logic Apps.
The engineer maintains the SIEM/SOAR architecture, including automation, incident response playbooks, and centralized logging, and supports the migration of legacy on-prem SIEM systems to Microsoft Sentinel. They collaborate with SOC, Cloud, DevOps, and infrastructure teams to ensure effective threat detection and incident response across Azure and Microsoft 365 environments.
Responsibilities
- Design, implement, and maintain security monitoring architecture using Microsoft Sentinel.
- Develop and maintain automation workflows and incident response playbooks using Azure Logic Apps.
- Configure and manage data ingestion pipelines using Azure Monitor, Azure Log Analytics, and Data Collection Rules (DCR).
- Design and implement centralized logging and monitoring strategies across Azure services and hybrid environments.
- Create and maintain analytics rules, threat detection logic, and KQL queries for security monitoring.
- Develop automated incident response processes and SOAR integrations with security tools.
- Implement and manage Role-Based Access Control (RBAC) models for secure access to monitoring and security platforms.
- Troubleshoot operational issues related to data ingestion, log pipelines, security alerts, and automation workflows.
- Maintain documentation including runbooks, monitoring architecture, and troubleshooting guides.
Requirements
- At least 2 years of experience in cloud security operations, security monitoring, or SIEM engineering.
- Hands-on experience with Microsoft Sentinel.
- Experience designing and managing SIEM data pipelines, detection rules, and security automation.
- Strong experience with KQL (Kusto Query Language) for log analysis and threat detection.
- Experience developing automation workflows using Azure Logic Apps.
- Experience with Azure monitoring and logging architecture, including:
  - Azure Monitor
  - Azure Log Analytics
  - Data Collection Rules (DCR)
- Experience with RBAC design and identity governance using Microsoft Entra ID.
- Understanding of Azure network architecture, including:
  - VNets
  - NSGs
  - Private Endpoints
  - VPN / ExpressRoute
- Experience with security monitoring for Azure resources (IaaS, PaaS, SaaS).
- Knowledge of incident response processes and SOC workflows.
- Understanding of cloud security principles and Zero Trust architecture.
- Experience integrating logs from firewalls, identity systems, cloud platforms, and endpoints.
- Familiarity with Windows and Linux environments for log collection and monitoring.
Soft Skills
- Strong analytical and troubleshooting skills.
- Ability to document architecture, operational procedures, and monitoring strategies.
What We Offer
- Competitive salary
- Performance-based bonus
- Cafeteria benefit
- Home office option with related allowance
- Private healthcare package
- Health fund contribution
- Extra day off on your birthday
- Team building events and sport activities
- Travel support for employees living outside Budapest