EY GDS Consulting - Cyber Security O365 

Philippines, Taguig 

211465227

Senior (CTM – Threat Detection & Response) - Microsoft O365 Security

 Strong technical skills to design and implement O365 Security services with hands on experience on several of the items outlined below:

• O365 Threat Protection
• Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity (formerly Azure Advanced Threat Protection) and Microsoft Cloud App (Security Cloud Access Security Broker (CASB))
• Exchange Online Protection, Safe Attachments, Safe Links, Anti-phishing protection, anti-spoofing, anti-spam protection
• Azure Information Protection (Azure Rights Management, labels and conditions, templates, AIP scanner, RMS connector, tenant keys, integrate AIP with Microsoft Online Services)
• Cloud App Security (Plan implementation and configuration)
• Security reporting (Windows Analytics, Office Telemetry, Office 365 secure score, Azure Log Analytics integration, and alert policies in the O65 Security and Compliance Center)
• Microsoft Intelligent Security Graph
• Investigation and Response Playbook

 Enterprise cloud experience with any of the major cloud providers, including cloud security, networking, and migration of multi-cloud or hybrid deployments

 Strong knowledge of cyber threat intelligence frameworks

 Willing to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers.

 Ability to integrate Microsoft Cloud Technologies with 3rd party security products such as Splunk, Ping, Okta, etc.

 Below mentioned experiences/expertise on Sentinel will be added advantage
 Develop a migration plan from Splunk/QRadar/LogR to Azure Sentinel
 Deep understanding of how to implement best practices for designing and securing Azure platform
 Experiencing advising on Microsoft Cloud Security capabilities across Azure platform
 Configure data digestion types and connectors
 Analytic design and configuration of the events and logs being digested
 Develop, automate, and orchestrate tasks(playbooks) with logic apps based on certain events
 Configure Sentinel Incidents, Workbooks, Hunt queries, Notebooks

 Must have experience in any SIEM technology (Splunk, IBM QRadar, Sentinel, etc.). Preference for Sentinel experience

Qualification & experience:

 5+ Years’ experience in Cyber Security Engineering or Consulting, and/or Support

 Experience supporting large and complex geographically distributed enterprise environments

 Preferably in possession of one of the relevant (MS) certifications (e.g. AZ-500, MS-500, etc.)

 Excellent communication skills in written and oral English
 Experience on Windows Server, Windows Client, Active Directory and/or Azure Active Directory Administration

 Knowledge of information security standards (ISO, NIST, PCI, GDPR etc.)

 Good to have experience in Malware Analysis and Incident Response

 Good to have some experience in Endpoint (other than Microsoft technologies) and Network Security

 Good knowledge of scripting and automation (PowerShell or Python, Java, or a similar language, can be a beginner to intermediate level)

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.