About the Role
The Microsoft Sentinel Administrator is responsible for designing, deploying, and managing Microsoft Sentinel environments on behalf of our clients. Because each client operates in a unique environment with distinct security requirements, this role demands deep technical expertise combined with strong client engagement skills. The Sentinel Administrator acts as the technical authority for the SIEM platform across a multi-tenant client portfolio.
Key Responsibilities
- Deploy and configure Microsoft Sentinel across multiple client tenants, including data connectors, analytics rules, workbooks, and automation playbooks.
- Manage multi-tenant Log Analytics Workspaces and optimise data ingestion strategies to meet each client's cost and performance requirements.
- Develop custom KQL queries, correlation rules, and Azure Logic Apps playbooks tailored to individual client environments and threat profiles.
- Integrate Sentinel with client-specific third-party tools, threat intelligence feeds, and Microsoft Defender products.
- Conduct regular platform health checks, capacity reviews, and performance tuning across the client portfolio.
- Work closely with SOC Analysts to refine detection logic, reduce false positives, and ensure alert fidelity for each client.
- Onboard new clients onto the Sentinel platform, managing the full technical onboarding lifecycle from scoping through to go-live.
- Produce and maintain client-facing technical documentation, onboarding guides, and configuration records.
- Support clients during audits and compliance reviews by providing relevant SIEM data and configuration evidence.
Requirements
- 3 or more years of experience in SIEM administration or security engineering, preferably within an MSSP or multi-client environment.
- Hands-on expertise with Microsoft Sentinel and the Microsoft Defender product suite.
- Strong proficiency in KQL and solid working knowledge of Azure infrastructure.
- Experience managing multi-tenant environments is strongly preferred.
- Familiarity with MITRE ATT&CK and common enterprise threat scenarios.
- Microsoft SC-200 and/or SC-100 certification is strongly preferred.
- Strong client communication skills and the ability to explain technical concepts clearly to non-technical stakeholders.
Pay: From ₹50,000.00 per month
Work Location: In person