Sr. Microsoft Sentinel Deployment Engineer
Bengaluru, Karnataka, India
4 weeks ago
Job Description
About Us
Pragya Cyber Private Limited is a growing cybersecurity services company committed to protecting businesses through tailored security assessments, compliance readiness, and proactive security operations. We're building a team of passionate professionals who are eager to make an impact in the ever-evolving security landscape.

Key Responsibilities
- Run technical discovery: data sources, log volumes, SOC use cases, compliance and threat model (MITRE ATT&CK).
- Design Sentinel architecture: workspaces, data retention, multi-workspace/tenant strategy, cost governance.
- Deploy at scale via IaC: ARM/Bicep/Terraform; parameterize environments (Dev/Test/Prod) and enable CI/CD (Azure DevOps/GitHub).
- Onboard data connectors (M365, AAD, MDE, MCAS/Defender for Cloud Apps, Prisma/Cisco/Palo Alto, Syslog/CEF, custom REST/API).
- Build analytics content: KQL detections (scheduled, NRT, ML-based), hunting queries, UEBA tuning, watchlists, parsers/ASIM.
- SOAR & response: design and implement Logic Apps playbooks, automation rules, approvals, and secure connections.
- Tuning & hardening: noise reduction, thresholding, fusion, threat intel integration, rule hygiene, and performance optimization.
- Dashboards & reporting: workbooks, KPI/KRI packs (MTTD/MTTR, alert fidelity, EPS/GB cost tracking).
- Produce delivery artifacts: HLD/LLD, runbooks, cutover plans, admin guides, and customer handover.
- Stakeholder engagement: run workshops, demo progress, manage risks/issues, and support light presales scoping when needed.

Required Skills & Experience
- 5-8+ years in security engineering/SIEM with 3+ years dedicated to Microsoft Sentinel in production.
- Expert KQL (joins, mv-expansion, timecharting, lookups, regex), performance tuning, and detection engineering.
- Proven Terraform/Bicep/ARM experience for Sentinel + dependent resources (Function Apps, Storage, Event Hub, AAD apps).
- Strong Azure fundamentals: AAD/Entra ID, Defender XDR suite, Azure Monitor/Log Analytics, Event Hub, Key Vault, Managed Identities.
- SOAR engineering with Logic Apps (custom connectors, retries, throttling, error handling, secrets).
- Content governance: Content Hub packages, versioning, Git workflows, CI/CD (pipelines, approvals, environment gates).
- Threat modeling & ATT&CK mapping; ability to evidence detection coverage and rationalize use-case priority.
- Scripting: PowerShell and/or Python for utilities, content packaging, API calls (Graph/Sentinel/MDATP).
- Consulting skills: clear documentation, workshop facilitation, and customer communication.

Nice to Have
- Experience in MSSP or multi-tenant Sentinel designs.
- ASIM parsers, DCR/DCE custom logs, AMA migration expertise.
- Integrations: Defender for Cloud, EDR/XDR platforms, cloud firewalls, ZTNA/SASE, SaaS logs via API.
- Exposure to security data science (anomaly baselines) and MDE custom detections.
- Familiarity with NIST CSF/ISO 27001 controls mapping to Sentinel use cases.

Certifications (Preferred)
- SC-200 (mandatory strong plus), SC-100, AZ-500.
- Terraform Associate or Microsoft DevOps (AZ-400) is a bonus.
Additional Information
- Company Name: Pragya
- Industry: N/A
- Department: N/A
- Role Category: Cybersecurity Engineer
- Job Role: Mid-Senior level
- Education: No Restriction
- Job Types: On-site
- Gender: No Restriction
- Notice Period: Less Than 30 Days
- Year of Experience: 1 - Any Yrs
- Job Posted On: 4 weeks ago
- Application Ends: N/A