Job ID: JOB_ID_8149
Job Summary:
We are seeking a skilled Security Operations (SecOps) Engineer with a strong focus on native Microsoft security tooling in Azure. This role involves 5+ years of experience in security operations engineering or incident response, with at least 2 years of hands-on experience operating Microsoft security tools within Azure environments. The primary responsibility will be to build and tune detections in Microsoft Sentinel and automate responses using Logic Apps/Playbooks. This is a critical role in maintaining and enhancing our cloud security posture.
Key Responsibilities:
- Develop, implement, and maintain security detections and response automation within Microsoft Sentinel (Log Analytics, Workbooks, Playbooks/Logic Apps).
- Manage and monitor cloud posture and vulnerability using Microsoft Defender for Cloud, Secure Score, and regulatory compliance dashboards.
- Oversee identity and access management using Entra ID (Azure AD), including PIM, Conditional Access, RBAC, and Managed Identities.
- Ensure data protection and governance through Azure Key Vault (FIPS 140-2) and Microsoft Purview.
- Implement and manage policies and baselines using Azure Policy, Azure Blueprints, and Azure Automation.
- Utilize Azure Monitor, Log Analytics, Activity Logs, and Diagnostic Settings for comprehensive monitoring.
- Configure and manage network security components such as Azure Firewall, NSGs, Private Link, and DDoS Protection (Standard).
- Integrate Microsoft Defender XDR signals for endpoint security and threat detection.
- Perform incident response activities, including triage, investigation, containment, and documentation with audit-quality evidence.
- Operate vulnerability and misconfiguration management workflows, ensuring remediation SLAs aligned with FedRAMP timelines are met.
- Utilize scripting and automation (KQL, PowerShell, ARM/Bicep/Terraform basics) for detection, onboarding, and evidence generation.
- Create and maintain detailed documentation for playbooks, evidence packages, and stakeholder updates.
- Communicate effectively with stakeholders regarding security operations and incident status.
Required Qualifications:
- 5+ years in security operations engineering or incident response.
- 2+ years of hands-on experience operating native Microsoft security tooling in Azure.
- Proven experience building and tuning detections in Microsoft Sentinel and automating responses with Logic Apps/Playbooks.
- Practical knowledge of FedRAMP baselines (Moderate/High) and relevant NIST SP 800-53 control families (AC, AU, CM, IR, RA, SC, SI).
- Proficiency with Azure security services: Defender for Cloud, Azure Policy, Entra ID (PIM/Conditional Access), Key Vault, Azure Monitor/Log Analytics.
- Strong incident response skills: triage, investigation, containment, and post-incident documentation.
- Experience operating vulnerability/misconfiguration management workflows and meeting remediation SLAs.
- Familiarity with scripting/automation (KQL for Sentinel, PowerShell, ARM/Bicep/Terraform basics).
- Excellent documentation and communication skills.
Preferred Qualifications:
- Experience with Azure Government or GCC High environments.
- Prior contributions to FedRAMP Continuous Monitoring reporting and POA&M lifecycle management.
- Experience integrating native controls with payment or mission-critical workloads.
- Familiarity with Microsoft Purview, Defender for Cloud Apps, Entra ID Protection, and Private Link patterns.
- Relevant certifications such as AZ-500, SC-200, CISSP, CCSP, or equivalent.
Special Requirements:
4 days onsite required weekly from day one. Interview: Video. Need Locals with LinkedIn id. Working knowledge of FedRAMP baselines (Moderate/High) and the NIST SP 800-53 control families relevant to operations (AC, AU, CM, IR, RA, SC, SI) is required. Visa constraints: USC Only (implied by 'Need Locals').
Compensation & Location:
Salary: $75 – $95 per year
Location: New York, NY
Recruiter / Company – Contact Information:
Email: rag@tekpyramids.com
Recruiter Notice:
To remove this job posting, please send an email from
rag@tekpyramids.com with the subject:
DELETE_JOB_ID_8149