US Senior Security Engineer (Microsoft Sentinel / SIEM)
Level: Mid-Senior
Work Setup: Hybrid (RTO @ BGC, Taguig)
Shift: Nightshift (supports global security operations)
Location: Philippines
Top Skills: Microsoft Sentinel, Security Information and Event Management
Role Overview
We are seeking a highly experienced Security Engineer with deep expertise in SIEM technologies, specializing in Microsoft Sentinel. This role combines advanced incident detection, threat investigation, SIEM content development, and engineering-level enhancements across global security environments. The Security Engineer will lead SIEM tuning, KQL rule creation, log onboarding, automation, and detection engineering efforts. You will collaborate closely with incident response teams, threat hunters, and security engineering groups to improve detection maturity and SOC performance.
Required Qualifications
- Bachelor's degree in IT, Computer Science, Engineering, or equivalent experience.
- 5+ years of Security Operations experience, including at least 3 years of hands-on SIEM engineering and expert-level Microsoft Sentinel experience (KQL, analytics rules, automation, log onboarding).
- Strong expertise in: SIEM architecture and engineering; log analysis and security event correlation; incident response methodologies; network protocols (TCP/IP, DNS, HTTP, etc.); Windows/Linux admin-level understanding.
- Hands-on experience with security domains: endpoint security, MFA / IAM / PKI, DLP, firewalls, and web content filtering.
- Experience using ticketing tools (ServiceNow preferred).
Preferred Qualifications (but not required)
- Certifications: SC-200, AZ-500, GCIH, GCIA, CISSP, or equivalent.
- Cloud security experience, especially Azure.
- Experience with detection engineering, security automation, and SIEM content development.
- Familiarity with compliance frameworks (NIST, PCI, SOX, HIPAA, JSOX).
- Experience in enterprise or MSSP SOC environments (2-3 years minimum).
Desired Characteristics
- Strong analytical and investigative skills.
- Excellent written and verbal communication.
- Highly organized, detail-oriented, and proactive.
- Able to work independently in a fast-paced global environment.
- Collaborative team player with strong stakeholder engagement skills.
- Passion for continuous learning, automation, and SOC maturity improvement.
Key Responsibilities
Advanced Security Monitoring & Incident Response
- Analyze, investigate, and validate security incidents generated primarily from Microsoft Sentinel.
- Perform triage, correlation, enrichment, and validation of advanced alerts.
- Conduct deep-dive SIEM investigations using KQL queries and advanced analytics.
- Perform false positive and false negative analysis to enhance detection fidelity.
- Collect and analyze logs from firewalls, IDS/IPS, Windows domain controllers, network appliances, AV/EDR, and email security platforms.
- Escalate confirmed incidents to SOC Analysts or Incident Response teams as required.
- Acknowledge and investigate incidents reported via email, phone, ticketing systems, and management escalation.
Detection Engineering & SIEM Development
- Develop, optimize, and maintain detection rules, KQL queries, analytics rules, correlation logic, and custom content.
- Lead log source onboarding, data normalization, parsing, and architecture improvements.
- Perform regular SIEM tuning to reduce alert noise and improve detection accuracy.
- Support creation of use cases, detection logic, parsers, and enrichment logic.
- Conduct threat validation, log forensics, packet analysis, and advanced event correlation.
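As an illustration of the kind of analytics rule and tuning work described above, here is an added example KQL query for a Microsoft Sentinel scheduled analytics rule; it is not part of the posting and is not code from any employer. It flags a source IP that generates a burst of failed Entra ID sign-ins and then a successful one, and shows two common noise-reduction knobs: a failure threshold and an exclusion of known scanner addresses. The watchlist name `KnownScannerIPs`, the threshold value, and the 1-hour lookback are assumptions chosen for the example; the `SigninLogs` table, the `_GetWatchlist()` function, and the result codes used are standard Sentinel/Entra ID constructs.

```kql
// Added example, not from the posting. Assumes Entra ID SigninLogs are
// onboarded and a watchlist named "KnownScannerIPs" (hypothetical) exists
// with an IPAddress column listing authorized scanners / pentest hosts.
let lookback = 1h;            // tuned to match the rule's query period
let failThreshold = 10;       // raise to reduce noise, lower for sensitivity
let knownScanners = _GetWatchlist('KnownScannerIPs') | project IPAddress;
// Burst of failed sign-ins per source IP, excluding known scanners.
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)
    // 50126 = invalid credentials, 50053 = account/IP locked, 50057 = user disabled
    | where ResultType in ("50126", "50053", "50057")
    | where IPAddress !in (knownScanners)
    | summarize FailedCount = count(),
                TargetUsers = make_set(UserPrincipalName, 50),
                FirstFail = min(TimeGenerated),
                LastFail = max(TimeGenerated)
              by IPAddress
    | where FailedCount >= failThreshold;
// Successful sign-ins in the same window, keyed by source IP.
let successes = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | project SuccessTime = TimeGenerated, IPAddress,
              SuccessUser = UserPrincipalName, AppDisplayName;
// Alert only when a success from the same IP follows the failure burst.
failures
| join kind=inner successes on IPAddress
| where SuccessTime > FirstFail
| project IPAddress, FailedCount, TargetUsers, FirstFail, LastFail,
          SuccessUser, SuccessTime, AppDisplayName
```

In a real rule the query frequency and lookback period are set in the analytics rule configuration to match `lookback`, `IPAddress` and `SuccessUser` are mapped to the IP and Account entities so incidents group correctly, and the threshold and watchlist are the first things revisited during false-positive review.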
Automation, Engineering, & Platform Enhancement
- Create and maintain automation workflows and playbooks in Microsoft Sentinel (Logic Apps).
- Develop dashboards, reporting views, and performance metrics to support SOC leadership.
- Provide engineering recommendations for improving SIEM architecture, log fidelity, and monitoring coverage.
- Ensure alignment with security standards, governance frameworks, and best practices.
Security Operations & Governance
- Use ServiceNow to open, update, and track incidents, change requests, and client-driven updates in line with SLA requirements.
- Generate weekly and ad hoc SIEM reports for internal and client use.
- Support cloud security (Azure), endpoint security, MFA, IAM, DLP, and related enterprise security tooling.
- Assist in validation of security controls, hardening, and risk reduction activities.
- Maintain and improve SOC documentation, SOPs, and playbooks.
Collaboration & Continuous Improvement
- Partner with IR teams, threat hunters, infrastructure groups, and platform owners to support containment and remediation.
- Contribute to continuous improvement initiatives to enhance SOC maturity and engineering capability.
- Stay current with evolving threats, detection methodologies, and Microsoft Sentinel advancements.