Job Description
Key Responsibilities:
- Build & tune Microsoft Sentinel: data connectors, normalisation, analytics rules, UEBA, watchlists, workbooks and cost-savvy ingestion strategies.
- Orchestrate & automate: create pragmatic SOAR playbooks (Logic Apps/Power Automate) that slash MTTR and remove toil.
- XDR in the real world: deploy and optimise Microsoft Defender XDR across endpoints, identity, email and cloud; align detections to MITRE ATT&CK and real threats.
- Hunt & respond: KQL-led threat hunting, incident triage guidance, detection content packs, purple-team style improvements.
- Secure the data: advise on Purview information protection & DLP, from policy design to pilot and rollout.
- Make it land: roadmaps, runbooks, and regular stakeholder updates — translating deep technical detail into business-ready outcomes.
- Coach & mentor: guide junior consultants; share patterns, reusable content and lessons learned.
- Shape opportunities: support presales scoping, proposals and estimation for consulting and implementation work.
Qualifications:
- Proven experience delivering Microsoft security projects: Sentinel (must-have), Defender XDR, SOAR (Logic Apps), and Purview/DLP.
- Comfortable with KQL and scripting (PowerShell); version control with Git.
- A knack for cost optimisation (ingestion volume, retention, table choices, Basic vs. Analytics log tiers).
- Solid consulting skills — workshops, architecture reviews, stakeholder management and great written reports.
- Familiarity with control frameworks (ISO 27001, NIST CSF/800-53, PCI DSS, GDPR) and how to evidence them in the Microsoft cloud.
Work setup: Hybrid, mid shift (BGC, Taguig office)