Job Description
Responsibilities:
- Platform Management: Oversee the management, health, and performance of the Microsoft Sentinel, Splunk, Cribl, and Anomali platforms.
- Collaboration with SOC Teams: Support SOC teams by ensuring the security platforms are fully operational, optimized, and able to deliver timely and accurate data for incident response.
- ITIL Process Management: Adhere to ITIL processes for change management, problem management, and service management related to the security platforms.
- Log Management using Cribl: Ensure that all relevant log sources are ingested, optimized, and routed appropriately using Cribl to maximize visibility and performance within the SIEM platforms.
- Platform Tuning and Optimization: Regularly update, fine-tune, and optimize SIEM rules and policies in collaboration with the SOC and/or engineering teams to maintain system efficiency and reduce false positives.
- Threat Intelligence Integration with Anomali: Ensure that threat intelligence feeds from Anomali are properly integrated and maintained to enhance platform performance.
- Vendor Management: Collaborate with vendors for platform support, troubleshooting, and upgrades. Manage relationships to ensure timely resolution of issues and optimal platform performance.
- Service Availability and Maintenance: Oversee the regular maintenance, patching, and availability of security platforms, ensuring that they meet operational and business requirements.
- Reporting and Documentation: Generate reports and maintain documentation on platform performance, system changes, and operational tasks for internal stakeholders and management.
Qualifications:
- Proven experience (5+ years) in platform management, with hands-on experience using Microsoft Sentinel, Splunk, or other SIEM platforms.
- Experience with Cribl for log management and optimization, and Anomali for threat intelligence integration.
- Strong knowledge of ITIL processes, particularly in change management, problem management, and service management.
- Ability to collaborate with cross-functional teams including engineering, SOC, L3 support, 24x7 support, business stakeholders, and vendors.
- Cloud Security Experience (Azure, AWS, GCP) is a plus.
- Familiarity with SIEM performance optimization and automated workflows (e.g., Logic Apps, SOAR platforms).
- Certifications such as ITIL, CISSP, CEH, GCIH, or Microsoft Certified: Security, Compliance, and Identity Fundamentals are highly desired.
Preferred Skills:
- Proficiency in KQL for advanced search and analysis in Microsoft Sentinel.
- Splunk SPL proficiency for advanced queries and reporting.
- Expertise in Cribl for optimizing and routing log data to SIEM platforms.
- Experience in integrating and managing threat intelligence feeds with Anomali.
- Familiarity with ITIL-based service delivery and process management.
What we offer:
- A hybrid work environment.
- Competitive salary and benefits package.
- Opportunities for professional growth and further training.
- A dynamic and supportive team environment, collaborating on the latest in security technologies.
*A job posting is effective until 11:59:59 PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.