- marcusdonald.com
Description
Marcus Donald are looking to speak with Cyber Security Engineers with heavy experience across multiple SIEM tools, particularly MS Sentinel. This role falls within the Security team for a leading MSP who prioritize customer delivery across the business. This is an exciting opportunity to support the new Microsoft Sentinel Service they are offering.
The successful individual will have the opportunity to work remotely with little requirement to get into the offices spread across the UK.
Responsibilities – Cyber Threat Consultant:
- Triage and escalation of SOC and SIEM activity for high-level alerts across the business
- Develop Microsoft Sentinel content including Detection rules, Functions, Playbooks etc.
- Writing and refining Microsoft Sentinel detection rules using Kusto Query Language (KQL)
- Integrate internal systems with 3rd party products and build tooling around them.
- Provide 3rd line support for use case automation issues
Requirements – Cyber Threat Consultant:
- Experience with multiple SIEM Platforms, including working with logs and creating correlation searches and dashboards.
- Experience with KQL
- Ability to work with customers and 3rd parties at a technical level, with a strong focus on customer experience
- Ability to effectively document and manage incident cases
- 1+ years' experience automating playbooks/runbooks with Microsoft Sentinel
Desirable – Cyber Threat Consultant:
- Experience working in an MSP environment
- Knowledge of the MITRE ATT&CK framework
- AZ-900: Microsoft Azure Fundamentals & any other relevant security certifications
- Experience with Terraform
- Experience scripting with Python
This is a great opportunity for someone who values the customer experience as well as someone who has the technical capacity to engage with multiple technologies, customers and third parties simultaneously. If you would like to discuss this in further detail contact me at jryan@marcusdonald.com or call 020 3328 0400.