Microsoft Sentinel Content Developer
Chennai, Tamil Nadu, India
1 month ago
Job Description
About company: They balance innovation with an open, friendly culture and the backing of a long-established parent company, known for its ethical reputation. We guide customers from what's now to what's next by unlocking the value of their data and applications to solve their digital challenges, achieving outcomes that benefit both business and society.

- Job Title: Microsoft Sentinel Content Developer
- Location: Bengaluru, Chennai, Pune, Hyderabad or Coimbatore
- Experience: 4-12 yrs
- Notice Period: Immediate joiners.

JD:

Key Responsibilities:

Log Parsing & Normalization:
- Perform parsing and normalization of logs at the Datadog observability pipeline level.
- Create and manage Data Collection Rules (DCRs) in Microsoft Sentinel with custom parsing and transformation logic.
- Map logs to the Microsoft Sentinel Normalized Schema (ASIM) where applicable.
- Ensure high-quality, structured data ingestion for effective detection and investigation.

Detection Rule Migration:
- Analyze and understand existing Splunk detection rules written in SPL.
- Translate and migrate detection logic into Microsoft Sentinel analytic rules using KQL.
- Optimize rules for performance, accuracy, and minimal false positives.

Content Development:
- Develop and maintain custom analytic rules, hunting queries, and workbooks in Sentinel.
- Collaborate with threat detection teams to build use cases aligned with MITRE ATT&CK and other frameworks.

Collaboration & Documentation:
- Work closely with SOC, engineering, and cloud teams to understand log sources and detection requirements.
- Document parsing logic, rule mappings, and enrichment strategies for operational transparency.

Required Skills:
- Strong experience with Microsoft Sentinel, KQL, and Data Collection Rules (DCR).
- Hands-on experience with Splunk SPL and detection rule development.
- Familiarity with Datadog log formats and observability pipelines.
- Understanding of the ASIM schema, Microsoft Defender XDR, and Sentinel connectors.
- Experience with log enrichment, GeoIP, and custom field mapping.
- Ability to work independently and take ownership of content development tasks.

Preferred Qualifications:
- Microsoft certifications (e.g., SC-200, AZ-500).
- Knowledge of threat detection frameworks (MITRE ATT&CK, CIS, etc.).
- Familiarity with CI/CD pipelines for Sentinel content deployment.
Additional Information
- Company Name
- People Prime Worldwide
- Industry
- N/A
- Department
- N/A
- Role Category
- Software Engineer
- Job Role
- Mid-Senior level
- Education
- No Restriction
- Job Types
- Remote
- Gender
- No Restriction
- Notice Period
- Less Than 30 Days
- Year of Experience
- 1 - Any Yrs
- Job Posted On
- 1 month ago
- Application Ends
- N/A