Microsoft Defender & Sentinel Security Engineer

Job Title: Microsoft Defender & Sentinel Security Engineer

Location:  Sofia, Bulgaria Experience:  5–10+ years   Certifications Preferred:  Microsoft Certified: Security Operations Analyst Associate, Microsoft Certified: Azure Security Engineer Associate

Job Summary:

We are seeking a skilled and proactive  Security Engineer  with hands-on experience in deploying and managing  Microsoft Defender for Server  and  Microsoft Sentinel . This role is ideal for professionals who can work across both platforms to deliver integrated threat detection, response, and monitoring capabilities in hybrid environments. The engineer will be responsible for implementing advanced security controls, automating incident response, and ensuring visibility across on-premises and cloud infrastructure.

Key Responsibilities:

Microsoft Defender for Server:

• Deploy and configure  Microsoft Defender for Endpoint (MDE)  on Windows and Linux servers (on-prem and hybrid).
• Integrate  Defender for Endpoint ,  Defender for Identity , and  Defender for Servers  into the broader security infrastructure.
• Create and manage  automated response playbooks  using  Logic Apps  and  Microsoft Defender XDR .
• Use  Advanced Hunting  with  Kusto Query Language (KQL)  to investigate and analyze threat activity.
• Monitor and fine-tune  attack surface reduction rules ,  EDR policies , and  vulnerability management  features.
• Ensure compliance with organizational security policies and regulatory requirements.

Microsoft Sentinel:

• Deploy and configure  Microsoft Sentinel  for real-time monitoring of on-premises and cloud infrastructure.
• Set up and manage  Log Analytics Workspaces  and configure  data connectors  for ingestion from various sources.
• Configure  Syslog ,  Common Event Format (CEF) , and  Windows Event Forwarding (WEF)  for security devices, firewalls, and servers.
• Develop and optimize  custom KQL queries  to analyze security logs and detect anomalies.
• Design and implement  workbooks and dashboards  for operational visibility and executive reporting.
• Create and manage  alert rules ,  analytics rules , and  incident response playbooks  for automated threat mitigation.

Technical Skills & Expertise:

• Microsoft Defender Suite:
• Defender for Endpoint (MDE)
• Defender for Identity
• Defender for Servers
• Microsoft Defender XDR
• Logic Apps for automation
• Microsoft Sentinel:
• Sentinel deployment and configuration
• Log Analytics Workspace management
• Data ingestion via Syslog, CEF, WEF
• KQL for advanced threat hunting
• Workbook and dashboard creation
• Alerting and incident response automation
• Security Operations & Integration:
• SIEM/SOAR integration
• Threat detection and response workflows
• Integration with Microsoft Entra ID (Azure AD), Intune, and other M365 security tools
• Scripting & Automation:
• PowerShell, Azure CLI, ARM templates
• Logic Apps, Azure Functions
• Compliance & Governance:
• Familiarity with frameworks like  NIST, ISO 27001, CIS Benchmarks
• Experience in regulated environments (e.g., BFSI, healthcare, government)

Preferred Qualifications:

• Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field
• Microsoft certifications (e.g., SC-200, AZ-500)
• Experience with hybrid cloud environments (Azure, AWS, on-prem)
• Familiarity with MITRE ATT&CK framework

Soft Skills:

• Strong analytical and problem-solving skills
• Excellent communication and documentation abilities
• Ability to work independently and collaboratively in a fast-paced environment