Expoint - all jobs in one place

EY TC-CS-NGSO TDR-Sentinel-Senior 
India, Telangana, Hyderabad 
542177243

17.07.2024

Senior (CTM – Threat Detection & Response) - Microsoft O365 Security

  • Strong technical skills to design and implement O365 Security services, with hands-on experience in several of the items outlined below:
    • O365 Threat Protection
    • Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity (formerly Azure Advanced Threat Protection) and Microsoft Cloud App Security (Cloud Access Security Broker (CASB))
    • Exchange Online Protection, Safe Attachments, Safe Links, Anti-phishing protection, anti-spoofing, anti-spam protection
    • Azure Information Protection (Azure Rights Management, labels and conditions, templates, AIP scanner, RMS connector, tenant keys, integrate AIP with Microsoft Online Services)
    • Cloud App Security (Plan implementation and configuration)
    • Security reporting (Windows Analytics, Office Telemetry, Office 365 Secure Score, Azure Log Analytics integration, and alert policies in the O365 Security and Compliance Center)
    • Microsoft Intelligent Security Graph
    • Investigation and Response Playbook
  • Enterprise cloud experience with any of the major cloud providers, including cloud security, networking, and migration of multi-cloud or hybrid deployments
  • Excellent teamwork skills, passion and drive to succeed and combat Cyber threats
  • Work collaboratively with other team members to find creative and practical solutions to customers’ challenges and needs.
  • Provide consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment.
  • Strong knowledge of cyber threat intelligence frameworks
  • Willing to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers.
  • Ability to integrate Microsoft Cloud Technologies with 3rd party security products such as Splunk, Ping, Okta, etc.
  • Below mentioned experiences/expertise on Sentinel will be added advantage
    • Develop a migration plan from Splunk/QRadar/LogR to Azure Sentinel
    • Deep understanding of how to implement best practices for designing and securing Azure platform
    • Experience advising on Microsoft Cloud Security capabilities across the Azure platform
    • Configure data ingestion types and connectors
    • Analytic design and configuration of the events and logs being ingested
    • Develop, automate, and orchestrate tasks (playbooks) with Logic Apps based on certain events
    • Configure Sentinel Incidents, Workbooks, Hunt queries, Notebooks
  • Must have experience in any SIEM technology (Splunk, IBM QRadar, Sentinel, etc.). Preference for Sentinel experience


Qualification & experience:

  • 5+ years' experience in Cyber Security Engineering, Consulting, and/or Support
  • Experience supporting large and complex geographically distributed enterprise environments
  • Preferably in possession of one of the relevant (MS) certifications (e.g. AZ-500, MS-500, etc.)
  • Excellent communication skills in written and oral English
  • Experience on Windows Server, Windows Client, Active Directory and/or Azure Active Directory Administration
  • Knowledge of information security standards (ISO, NIST, PCI, GDPR etc.)
  • Good to have experience in Malware Analysis and Incident Response
  • Good to have some experience in Endpoint (other than Microsoft technologies) and Network Security
  • Good knowledge of scripting and automation (PowerShell or Python, Java, or a similar language, can be a beginner to intermediate level)



EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.