Today's threatscape is relentless. So are we. At Cyderes, we build practical Identity & Access Management (IAM), Exposure Management, and risk programs, helping organizations stop active threats fast with Managed Detection & Response (MDR) that integrates with existing tools. Powering it all is Meridian, our entity fabric that connects identities, assets, and access into one trusted reality. Augmented by AI and driven by seasoned operators, our tireless global team arms organizations with the people, platforms, and perspectives they need to conquer whatever tomorrow throws their way.
\uD83C\uDFC6 Great Place to Work® Certified™ \u007C · United States · Canada · United Kingdom · India
About the Job:
The Senior Security Engineer – Microsoft Sentinel & Defender XDR is a senior technical authority within Cyderes' Managed Sentinel SIEM and MDR services. You will manage and contribute in advancing detection, platform reliability, and security automation for managed clients.
Beyond daily platform operations, the Senior Security Engineer leads advanced detection engineering, Create optimization and standardisation efforts, and serve as an escalation point for complex ingestion, telemetry, and investigation challenges. This role partners with MDR, SOC, architecture, and customer team members to ensure Microsoft Sentinel and Defender XDR implementations are, cost-effective, and in consideration of real-
world threat activity.
As a trusted technical advisor, you influence platform strategy, mentor junior engineers, and help shape service evolution by identifying gaps, improving alert fidelity, and ensuring scalable automation. You will represent the Cyderes brand through technical leadership, and delivery excellence that meets client expectations.
You will be reporting to Senior Manager, Managed Platforms.
Security Platform Engineering & Administration
- Be a subject matter expert (SME) for Microsoft Sentinel and Microsoft Defender XDR across managed clients
- Lead the intake process and platform readiness during Eastern Standard Time business hours
- Lead administration and lifecycle management of:
- Microsoft Sentinel
- Microsoft Defender XDR suite
- Oversee and improve platform health monitoring, including:
- Log ingestion pipelines and data normalisation
- Data connector stability and performance
- Automation strategies and SOAR workflows
- Analytics rule efficiency and alert reliability
- Analyse ingestion trends and lead cost optimization strategies across multi-tenant environments
- Guide tenant standardisation, configuration baselines, and best practices across MSSP deployments
- Be an escalation point for complex platform or telemetry issues
Log Source Onboarding & Integration
- Onboard new data sources into Microsoft Sentinel following established SOPs:
- Validate connectivity
- Confirm correct parsing and schema normalisation
- Ensure events are visible and queryable in Log Analytics
- Integrate Microsoft Defender data sources:
- Defender for Endpoint
- Defender for Identity
- Defender for Cloud Apps
- Validate data integrity and entity mapping
- Troubleshoot ingestion or connector issues across Azure and third-party integrations
- Lead onboarding of new and complex data sources into Microsoft Sentinel
- Design and evolve standard operating procedures (SOPs) for data onboarding
- Ensure: Reliable connectivity
- Accurate parsing and schema normalisation
- Entity mapping and enrichment
- End-to-end data visibility in Log Analytics
- Manage integration strategy for Microsoft Defender data sources:
- Defender for Endpoint
- Defender for Identity
- Defender for Cloud Apps
- Troubleshoot and resolve advanced ingestion, schema, or connector issues across Azure and third-party platforms
- Advise on architectural decisions related to telemetry quality and coverage
Detection Engineering & Use Case Development
- Design advanced analytics rules, including:
- Scheduled
- Near-Real-Time (NRT)
- Fusion and correlation-based detections
- Lead development and optimization of complex KQL-based detection logic
- Oversee false-positive reduction projects through structured tuning, suppression, and enrichment
- Ensure MITRE ATT&CK mapping and detection coverage analysis
- Improve cross-platform correlation between Microsoft Defender XDR and Sentinel• Design:
- Workbooks and dashboards for operational and executive visibility
- Reusable detection and threat hunting libraries
- Review and provide feedback on detection logic authored by junior engineers
Automation & SOAR Engineering
- Architect, maintain advanced Azure Logic App strategies
- Design end-to-end automation for:
- Device isolation
- Account disablement or remediation
- IP and domain blocking
- Case and ticket orchestration
- Integrate REST APIs and external systems where required
- Enforce change management and version control standards
- Validate automation through testing in non-production environments
- Identify opportunities to reduce analyst workload through automation
Leadership, Documentation & Continuous Improvement
- Be a technical mentor to Security Engineer I/II team members
- Lead or contribute to:
- Runbooks
- SOPs
- Detection documentation
- Platform onboarding standards
- Document complex investigations, detection logic, and platform decisions
- Provide strategic tuning and architecture feedback to senior engineering and security leadership
- Stay current with Microsoft security roadmap changes and new threat trends
- Participate in internal training sessions and contribute to knowledge-sharing projects
Education experience
- Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field (or equivalent
Experience
- 5–8 years of experience in security engineering, SOC, or security operations roles
- 3+ years hands-on experience with Microsoft Sentinel
- Deep experience with the Microsoft Defender XDR suite
- Experience operating in MSSP or customer-facing environments
- Hands-on exposure to multi-tenant security operations (Azure Lighthouse)
- Demonstrated experience leading security engineering projects
Technical Skills
o Microsoft Sentinel
o Microsoft Defender XDR
o Azure Log Analytics• Advanced Proficiency in KQL
o Windows & Linux logs
o Azure AD / Entra ID
o Networking fundamentals (TCP/IP, ports, firewalls, or proxies)
o Authentication and authorization models
- Hands-on experience with:
o Azure Logic Apps
o REST APIs
o PowerShell or Python scripting
- Experience with the MITRE ATT&CK framework
- Familiarity with MDR and SOC operational workflows
- Translate security telemetry into applicable detections
Certifications
- SC-200 (Microsoft Security Operations Analyst)
- AZ-500 (Azure Security Engineer)
- SC-100 (Cybersecurity Architect)
- CompTIA Security+
- Relevant Microsoft Defender certifications
Soft Skills
- Document investigations and platform changes thoroughly
- Customer-focused mindset and risk-driven approach
- Comfortable balancing hands-on engineering with strategic ownership
#LI-Hybrid
This is a hybrid remote/in-office role.
WHY CYDERES?
Benefits that go beyond the basics, we support our people so they can do their best work.
✔ Medical Insurance - Employee + dependents covered
✔ Life Insurance - Protection for what matters most
✔ Retirement Match Program - We invest in your future
✔ Hybrid Work Model - 2–3 days in office
✔ Maternity & Paternity Leave - Time for the moments that matter
✔ Paid Time Off - PTO + sick & casual leave
✔ Bereavement & Volunteer Time - Give back to your community
✔ Professional Development - Reimbursement program
✔ LinkedIn L&D Platform - Thousands of courses at your fingertips
✔ Mobile Phone Reimbursement - Stay connected, on us
Cyderes is an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to race, religion, color, sex, age, disability, sexual orientation, genetic information, national origin, or veteran status.
Note: This job posting is intended for direct applicants only. We request that outside recruiters do not contact us regarding this position.
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
