We help the world Be Everyday Ready™
Today’s threatscape is relentless. So are we. At Cyderes, we specialize in building practical IAM, exposure management, and risk programs, and stopping active threats fast with MDR that works with your existing security tools — all augmented by AI and driven by seasoned operators. Our tireless global team is laser-focused on cybersecurity, arming organizations with the people, platforms, and perspectives they need to conquer whatever tomorrow throws their way.
About the Company: We are Cyderes (Cyber Defense and Response), a global, pure-play, full lifecycle cyber security services provider.
About the Job: The Security Engineer II – Microsoft Sentinel & Defender XDR plays a critical engineering role within Cyderes’ Managed Sentinel SIEM and MDR services.
This role goes beyond basic platform administration. The Security Engineer II is responsible for detection engineering, platform optimization, onboarding lifecycle execution, and Defender XDR integration. You will serve as a trusted technical resource to clients, ensuring their Microsoft security ecosystem is properly configured, optimized, and continuously improving against evolving threats.
You will represent and reinforce the Cyderes brand through strong collaboration, professional communication, and consistent delivery that meets or exceeds client expectations.
Responsibilities:
Platform Engineering & Administration
Support intake process including coverage for Eastern Standard Time business hours as required
Administer and maintain Microsoft Sentinel and Defender XDR environments across managed clients
Perform health monitoring of:
Log ingestion pipelines
Data connector status
Automation playbooks
Analytics rule performance
Monitor ingestion volumes and support cost optimization initiatives
Assist in tenant standardization across multi-client MSSP environments
Log Source Onboarding & Integration
Onboard new data sources into Microsoft Sentinel following established SOPs:
Validate connectivity
Confirm correct parsing and schema normalization
Ensure events are visible and queryable in Log Analytics
Integrate Microsoft Defender data sources:
Defender for Endpoint
Defender for Identity
Defender for Office 365
Defender for Cloud Apps
Validate data integrity and entity mapping
Troubleshoot ingestion or connector issues across Azure and third-party integrations
Detection Engineering & Use Case Development
Develop and maintain analytics rules (Scheduled, NRT, Fusion)
Create and tune detection logic using KQL
Reduce false positives through structured tuning and rule refinement
Map detections to MITRE ATT&CK framework
Improve alert fidelity and correlation between Defender XDR and Sentinel
Maintain dashboards, workbooks, and reporting artifacts
Assist in building reusable hunting and detection libraries
Monitoring & Incident Support
Monitor Sentinel and Defender XDR alerts
Perform Tier 2 triage and investigation of escalated alerts
Provide clear documentation and escalation to MDR/SOC teams
Support root cause investigations for platform or telemetry issues
Assist with containment automation where applicable
Automation & SOAR
Develop and maintain Azure Logic App playbooks
Automate response actions such as:
Device isolation
User disablement
IP blocking
Ticket creation
Follow change management processes for configuration updates
Test changes in lower environments when applicable
Documentation & Continuous Improvement
Contribute to:
Runbooks
Standard operating procedures
Onboarding checklists
Detection documentation
Document false positives and data quality issues
Provide tuning feedback to senior engineers and architecture teams
Stay current on Microsoft security roadmap changes
Participate in internal training and knowledge-sharing sessions
Requirements
Education
Diploma or Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field (or equivalent experience)
Experience
3–5 years of experience in IT security, SOC, or security engineering roles
Minimum 2 years hands-on experience with Microsoft Sentinel
Experience with Microsoft Defender XDR suite
Experience in MSSP or customer-facing environments preferred
Exposure to multi-tenant environments (Azure Lighthouse preferred)
Technical Skills
Strong working knowledge of:
Microsoft Sentinel
Microsoft Defender XDR
Azure Log Analytics
Proficiency in KQL
Understanding of:
Windows & Linux logs
Azure AD / Entra ID
Networking fundamentals (TCP/IP, ports, firewalls, proxies)
Authentication & authorization models
Experience with:
Azure Logic Apps
REST APIs
PowerShell or Python scripting
Understanding of MITRE ATT&CK framework
Familiarity with MDR operational workflows
Certifications (Preferred)
SC-200 (Microsoft Security Operations Analyst)
AZ-500 (Azure Security Engineer)
SC-100 (Cybersecurity Architect)
Security+
Relevant Microsoft Defender certifications
Soft Skills
Strong analytical and problem-solving skills
Clear written and verbal communication
Ability to document investigations and platform changes thoroughly
Customer-focused mindset
Ability to balance operational and engineering responsibilities
Cyderes is an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to race, religion, color, sex, age, disability, sexual orientation, genetic information, national origin, or veteran status.
Note: This job posting is intended for direct applicants only. We request that outside recruiters do not contact us regarding this position.