Please find the JD for Microsoft Defender below.
Skills - Microsoft Defender Portfolio – Endpoint / Identity / Cloud Apps / O365
Mandatory Skills - MS Defender for Endpoint (MDE), Defender for O365, Defender for Cloud Apps, Defender for Identity
Position Overview: We are seeking a seasoned Microsoft Defender Expert to join our organization, specializing in assurance and tax audit services across Europe. The ideal candidate will have extensive experience in configuring, managing, and optimizing the Microsoft Defender portfolio, encompassing identity, endpoint, Office 365, and cloud applications. This role will involve securing a hybrid infrastructure of 7,000 assets and supporting 5,600 users, ensuring compliance with stringent industry regulations and providing robust protection against evolving threats.
Key Responsibilities:
1. Microsoft Defender for Endpoint:
- Define and configure endpoint security settings to protect against advanced threats.
- Implement Attack Surface Reduction (ASR) rules to minimize risks.
- Develop custom detection rules for endpoint-based exploits, fileless malware, and ransomware.
- Optimize detection thresholds to reduce false positives and enhance alert accuracy.
- Enable alerts for unusual PowerShell executions and other malicious activities.
- Ensure seamless ingestion of endpoint logs into SIEM for centralized monitoring.
- Document detection configurations and automated playbooks to standardize incident response.
- Provide support during audits and configure comprehensive reports and dashboards.
2. Microsoft Defender for Identity:
- Configure detection policies for risky sign-ins, suspicious behavior, and lateral movement attempts.
- Update and align detection rules with the MITRE ATT&CK framework.
- Ingest identity logs into SIEM for centralized analysis and monitoring.
- Fine-tune detection rules to reduce noise from benign anomalies.
- Support audits by providing relevant evidence and configurations.
- Create detailed reports and dashboards to visualize identity security posture.
3. Microsoft Defender for Office 365 and Mimecast:
- Set up anti-phishing, anti-malware, and safe links policies to secure email communications.
- Develop rules to detect business email compromise (BEC), phishing, and spoofing attempts.
- Secure Office 365 applications through access control policies and configurations.
- Integrate email security logs into SIEM for enhanced visibility and response.
- Provide audit support and create reports and dashboards for Office 365 security.
4. Microsoft Defender for Cloud Apps:
- Control access to cloud applications and manage Shadow IT risks.
- Set up detection mechanisms for data exfiltration, risky behavior, and misuse of privileged accounts.
- Monitor and prevent unauthorized data sharing and enforce session controls for risky app usage.
- Ingest cloud app logs into SIEM for proactive monitoring.
- Develop and maintain automated playbooks to streamline cloud security incident responses.
- Provide audit support and configure reports and dashboards for cloud app security.
5. Compliance and Audit Support:
- Ensure all configurations align with industry compliance standards and best practices.
- Maintain up-to-date knowledge of regulatory requirements and ensure adherence across all Microsoft Defender components.
- Assist in preparing for and responding to audits, providing documentation and evidence as needed.
6. Incident Response:
- Serve as the primary technical lead for all Priority-1 / Priority-2 incidents.
- Conduct complex investigations involving malware, ransomware, supply-chain attacks, identity breaches, cloud misuse, and insider threats.
- Perform deep forensics using MDE (process trees, timelines, artifacts).
- Direct containment measures including device isolation, user disablement, token revocation, OAuth revocation, and cloud session blocks.
- Analyze advanced threats: fileless malware, C2 traffic, persistence mechanisms, EDR bypass attempts.
- Correlate behavioral signals across devices, network, and processes.
- Lead reverse-engineering-level triage when required (not full RE).
- Investigate identity-based attacks such as:
  - Pass-the-Hash / Pass-the-Ticket
  - Brute-force & password-spray
  - Golden Ticket & LDAP reconnaissance
- Validate identity anomalies and domain controller alerts.
- Investigate OAuth app abuse, suspicious session activity, anomalous cloud downloads, risky cloud app usage.
- Lead investigations involving Shadow IT, SaaS abuse, and cross-cloud data exfiltration.
- Build advanced KQL hunting queries across MDE and correlated logs.
- Develop new custom detection rules based on novel threats, IOC patterns, TTPs, and behavioral anomalies.
- Lead proactive threat-hunting operations aligned with MITRE ATT&CK.
- Identify detection gaps and drive improvements across Microsoft Defender XDR.
Qualifications:
- Bachelor’s degree in Information Technology, Cybersecurity, or a related field.
- At least 5 years of hands-on experience managing Microsoft Defender solutions across identity, endpoint, Office 365, and cloud apps.
- Proven expertise in SIEM integration and centralized monitoring.
- Strong understanding of compliance frameworks such as GDPR, ISO 27001, and related regulations.
- Excellent problem-solving skills and the ability to respond to emerging threats in real time.