SOC Security Analyst (Microsoft Sentinel & Defender Specialist)
SOCHK resources are looking for an experienced SOC Security Analyst (Microsoft Sentinel & Defender Specialist). This role is hybrid, with 2-3 days per week on site in Hong Kong and the remainder remote, for an initial -month contract.
Job Summary:
We are seeking a highly skilled and experienced SOC L2 Analyst with strong engineering knowledge and deep expertise in Microsoft Sentinel and the Microsoft Defender suite. The ideal candidate will take a lead role in advanced threat detection, incident response, detection engineering, and security monitoring, while also optimising license consumption and SIEM integration efforts.
Key Responsibilities:
Advanced Threat Detection & Incident Response
– Investigate and analyse complex security incidents escalated from L1 SOC analysts.
– Leverage Microsoft Sentinel (SIEM) and Microsoft Defender XDR to conduct in-depth incident response.
– Correlate multi-source telemetry (network, endpoint, identity, cloud) to identify and contain threats.
Threat Hunting & Detection Engineering
– Perform proactive threat hunting using KQL within Microsoft Sentinel.
– Develop and fine-tune custom analytics rules, workbooks, and hunting queries.
– Apply the MITRE ATT&CK framework to build coverage and improve threat visibility.
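The multi-source correlation and KQL hunting described above, shown as an added example that is not part of the job posting: it flags an IP address that failed sign-ins against many distinct Entra ID accounts (a spray-like pattern), then looks for a successful sign-in from that IP followed within an hour by an encoded PowerShell launch under the same account on a Defender-onboarded endpoint. The tables and columns (SigninLogs, DeviceProcessEvents via the Defender XDR connector) are the standard Sentinel schemas; the 20-account threshold, one-day lookback and one-hour window are assumed tuning values, not figures from the page.

```kql
// Added hunting query (not from the job posting). Assumed tuning values:
// lookback window, distinct-account threshold, and sign-in-to-process window.
let lookback = 1d;
let spray_threshold = 20;
// Identity telemetry: source IPs with bad-password or locked-out failures
// spread across many distinct accounts.
let spray_ips =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType in ("50126", "50053")          // invalid password, account locked
    | summarize Targets = dcount(UserPrincipalName) by IPAddress
    | where Targets >= spray_threshold
    | project IPAddress;
// Successful sign-ins from those same IPs.
let suspicious_success =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | where IPAddress in (spray_ips)
    | project SignInTime = TimeGenerated,
              UserPrincipalName = tolower(UserPrincipalName),
              IPAddress, AppDisplayName;
// Endpoint telemetry: encoded PowerShell run by the same account within 1h
// of the suspicious sign-in (Defender for Endpoint data via the XDR connector).
suspicious_success
| join kind=inner (
    DeviceProcessEvents
    | where TimeGenerated > ago(lookback)
    | where FileName in~ ("powershell.exe", "pwsh.exe")
    | where ProcessCommandLine has_any ("-enc", "-EncodedCommand", "-e ")
    | project ProcTime = TimeGenerated,
              UserPrincipalName = tolower(AccountUpn),
              DeviceName, ProcessCommandLine
  ) on UserPrincipalName
| where ProcTime between (SignInTime .. (SignInTime + 1h))
| project SignInTime, ProcTime, UserPrincipalName, IPAddress, AppDisplayName,
          DeviceName, ProcessCommandLine
| order by SignInTime desc
```

Run it from the Sentinel Logs blade or save it as a hunting query; the identity-only first half (spray_ips) maps to ATT&CK T1110 (Brute Force) and the joined result to T1059.001 (PowerShell), which is how the MITRE tagging on the saved query or a derived analytics rule would be filled in. Lowering the account threshold or widening the time window trades precision for recall, so tune against a baseline of your own sign-in failure rates before promoting it to a scheduled rule.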
Security Engineering & Platform Management
– Onboard and integrate new data sources into Microsoft Sentinel, ensuring accurate log ingestion and parsing.
– Build and manage data connectors, custom log parsers, and normalisation schemas.
– Collaborate with cloud and infrastructure teams to onboard telemetry from endpoints, identity systems, and SaaS platforms.
License Usage Monitoring & Optimisation
– Monitor Microsoft Sentinel and Defender license consumption on an ongoing basis.
– Analyse daily ingestion volumes and their rolling averages, ensuring alignment with the procured license limits.
– Recommend optimisation strategies to control costs without compromising visibility or detection capabilities.
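The ingestion-volume analysis described above, as an added example rather than content from the job posting: the query reads the Log Analytics Usage table (Quantity is reported in MB), computes billable ingestion per day and per table over a 30-day window, and compares the workspace average against a commitment tier. The 100 GB/day tier and the 30-day window are assumed values for illustration; substitute the tier actually procured.

```kql
// Added example (not from the job posting). Assumed inputs: the procured
// commitment tier in GB/day and the 30-day analysis window.
let commitment_gb_per_day = 100.0;   // assumed; replace with the procured tier
let lookback = 30d;
// Billable ingestion per day and per table; Usage.Quantity is in MB.
let daily_by_table =
    Usage
    | where TimeGenerated > ago(lookback)
    | where IsBillable == true
    | summarize DailyGB = sum(Quantity) / 1024.0
        by Day = bin(StartTime, 1d), DataType;
// Workspace-wide average daily ingestion over the window.
let workspace_avg = toscalar(
    daily_by_table
    | summarize DailyTotalGB = sum(DailyGB) by Day
    | summarize avg(DailyTotalGB));
// Per-table averages and peaks, with each table's share of the workspace
// average and whether the workspace as a whole exceeds the commitment.
daily_by_table
| summarize AvgDailyGB = round(avg(DailyGB), 2),
            PeakDailyGB = round(max(DailyGB), 2) by DataType
| extend ShareOfWorkspacePct = round(100.0 * AvgDailyGB / workspace_avg, 1),
         WorkspaceAvgGB = round(workspace_avg, 2),
         CommitmentGB = commitment_gb_per_day,
         WorkspaceOverCommitment = workspace_avg > commitment_gb_per_day
| order by AvgDailyGB desc
```

The tables at the top of the result are the first candidates for optimisation work (filtering at the connector or data collection rule, shortening retention, or moving low-value tables to the Basic logs tier); the PeakDailyGB column shows whether an overage is a steady trend or a one-off spike such as a noisy onboarding day, which changes the recommendation. Note that Usage only covers Log Analytics ingestion, so Defender license consumption has to be checked separately in the Microsoft 365 admin and Defender portals.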
Automation & Response
– Design and implement automated response workflows using Sentinel playbooks (Logic Apps).
– Enhance response efficiency by developing SOAR integrations across security tooling.
Documentation & Reporting
– Produce comprehensive incident reports and root cause analyses.
– Maintain technical documentation for use cases, configurations, response procedures, and data source onboarding.
– Generate regular dashboards and reports for SOC leadership and compliance stakeholders.
Required Skills & Qualifications:
– Bachelor’s Degree in Computer Science, Cybersecurity, Engineering, or a related field.
– 5+ years of hands-on experience in cybersecurity operations.
– Minimum 2 years of experience with Microsoft Sentinel and the Microsoft Defender suite.
Skills:
– KQL (Kusto Query Language)
– Security architecture and data integration
– Azure and Microsoft 365 Security Services
– Experience in onboarding and managing log sources in a SIEM.
– Understanding of log ingestion cost management and licensing considerations in Sentinel.
– Familiarity with cloud-native security tools and threat intelligence integration.
– Scripting experience (e.g., PowerShell, Python) is an advantage.
Preferred certifications:
– SC-200: Microsoft Security Operations Analyst
– AZ-500: Microsoft Azure Security Technologies
– GCIA, GCIH, or equivalent is an advantage
Preferred Personal Attributes:
– Strong analytical and problem-solving mindset.
– Ability to lead under pressure during real-time incidents.
– Clear and effective communicator, both verbal and written.
– Proactive, self-driven, and committed to continuous improvement.
All of our opportunities require that applicants are eligible to work in the specified country/location, unless otherwise stated in the job description.