Lenovo

Sr Operation Mgmt Specialist

Lenovo · Electronics · Singapore, Central Singapore, Singapore · Full-time · posted 1 month ago

About the role

AI-generated summary

This role is for a Security Operations Center (SOC) analyst specializing in Microsoft Sentinel. The analyst will perform real-time monitoring, triage, investigation, and response to security incidents, utilizing KQL and the Microsoft 365 Defender stack. Responsibilities include alert triage, playbook execution, incident documentation, and platform maintenance.

Industry: Electronics · Employment type: Full-time · Function: Information Technology

Key Responsibilities

  • Real-Time Surveillance: Maintain high vigilance monitoring of the Microsoft Sentinel Incident queue to identify anomalies and potential security breaches.
  • Noise Reduction: Distinguish between benign environmental behaviour and malicious activity to reduce alert fatigue within the SOC.
  • Severity Assessment: Categorize and prioritize incidents based on business impact, asset criticality, and the MITRE ATT&CK framework.
  • KQL Proficiency: Utilize Kusto Query Language (KQL) to perform deep-dive log analysis across the SecurityEvent, SigninLogs, and OfficeActivity tables.
  • Root Cause Analysis: Conduct forensic analysis to reconstruct incident timelines and validate the legitimacy of alerts.
  • Evidence Gathering: Correlate data across the Microsoft 365 Defender stack (Endpoint, Identity, Cloud Apps) to build a comprehensive picture of the threat actor's movements.
  • Automated Response: Execute Azure Logic App Playbooks to perform rapid containment actions, such as revoking AAD sessions or isolating compromised hosts.
  • Standard Operating Procedures (SOPs): Establish SOPs to ensure a consistent and compliant response to known threat vectors.
  • Manual Remediation: Perform manual intervention when automated flows are inapplicable, ensuring the 'Time to Remediate' (TTR) is minimized.
  • Audit Trail Management: Maintain meticulous, chronological records of all investigative steps and findings within the ITSM ticketing system (e.g., ServiceNow).
  • Technical Summaries: Draft clear, concise post-incident summaries detailing the scope of the impact and the steps taken for resolution.
  • Knowledge Base Contribution: Update internal wikis or 'Runbooks' with new findings to improve the team's collective response capability.

Requirements

  • Minimum of 2–3 years of hands-on experience with Microsoft Sentinel, including workspace configuration, data connector management, and incident investigation.
  • Advanced ability to write and optimize Kusto Query Language (KQL) for hunting, detection rules, and workbook visualization.
  • Strong operational knowledge of the broader Defender suite (Defender for Endpoint, Identity, Office 365, and Cloud Apps).
  • Familiarity with Azure Resources, including Virtual Machines, Storage Accounts, and Log Analytics Workspaces.
  • Experience triggering and troubleshooting Azure Logic Apps (Playbooks) for automated incident response.
  • Proven track record of onboarding diverse assets to Sentinel (Syslog, CEF, Azure Activity, and Third-party APIs).
  • Experience creating and tuning Analytics Rules to reduce false positives while maintaining high detection coverage.
  • Understanding of TCP/IP, DNS, and HTTP/S, with the ability to interpret logs from Firewalls, Proxies, and WAFs.
  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related discipline.
  • Professional certifications such as ECIH, GCIH, CISSP or CISM are preferred.
  • Microsoft certifications such as SC-200: Microsoft Security Operations Analyst Associate, AZ-500: Microsoft Azure Security Technologies, SC-300: Microsoft Identity and Access Administrator Associate would be advantageous.