Senior (CTM – Threat Detection & Response) - Microsoft O365 Security
Strong technical skills to design and implement O365 Security services with hands on experience on several of the items outlined below:
• O365 Threat Protection
• Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity (formerly Azure Advanced Threat Protection) and Microsoft Cloud App Security (Cloud Access Security Broker (CASB))
• Exchange Online Protection, Safe Attachments, Safe Links, Anti-phishing protection, anti-spoofing, anti-spam protection
• Azure Information Protection (Azure Rights Management, labels and conditions, templates, AIP scanner, RMS connector, tenant keys, integrate AIP with Microsoft Online Services)
• Cloud App Security (Plan implementation and configuration)
• Security reporting (Windows Analytics, Office Telemetry, Office 365 Secure Score, Azure Log Analytics integration, and alert policies in the O365 Security and Compliance Center)
• Microsoft Intelligent Security Graph
• Investigation and Response Playbook
Enterprise cloud experience with any of the major cloud providers, including cloud security, networking, and migration of multi-cloud or hybrid deployments
Strong knowledge of cyber threat intelligence frameworks
Willing to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers.
Ability to integrate Microsoft Cloud Technologies with 3rd party security products such as Splunk, Ping, Okta, etc.
The following experience/expertise with Sentinel will be an added advantage:
• Develop a migration plan from Splunk/QRadar/LogR to Azure Sentinel
• Deep understanding of how to implement best practices for designing and securing the Azure platform
• Experience advising on Microsoft Cloud Security capabilities across the Azure platform
• Configure data ingestion types and connectors
• Analytic design and configuration of the events and logs being ingested
• Develop, automate, and orchestrate tasks (playbooks) with Logic Apps based on certain events
• Configure Sentinel Incidents, Workbooks, Hunting queries, Notebooks
Must have experience in any SIEM technology (Splunk, IBM QRadar, Sentinel, etc.); Sentinel experience is preferred.
Qualification & experience:
• 5+ years' experience in Cyber Security Engineering, Consulting, and/or Support
• Experience supporting large and complex geographically distributed enterprise environments
• Preferably in possession of one of the relevant Microsoft certifications (e.g. AZ-500, MS-500, etc.)
• Excellent communication skills in written and oral English
• Experience with Windows Server, Windows Client, Active Directory and/or Azure Active Directory administration
• Knowledge of information security standards (ISO, NIST, PCI, GDPR, etc.)
• Good to have experience in Malware Analysis and Incident Response
• Good to have some experience in Endpoint (other than Microsoft technologies) and Network Security
• Good knowledge of scripting and automation (PowerShell, Python, Java, or a similar language; beginner to intermediate level is acceptable)
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.