Job Description
Job Title:  SECURITY ARCHITECT L1
City:  Melbourne
State/Province:  Victoria
Posting Start Date:  5/21/26
Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO) is a leading technology services and consulting company focused on building innovative solutions that address clients’ most complex digital transformation needs. Leveraging our holistic portfolio of capabilities in consulting, design, engineering, and operations, we help clients realize their boldest ambitions and build future-ready, sustainable businesses. With over 230,000 employees and business partners across 65 countries, we deliver on the promise of helping our customers, colleagues, and communities thrive in an ever-changing world. For additional information, visit us at www.wipro.com.

  • Job Title Cyber: Vulnerability Management & Remediation Specialist

 

  • Department: Cloud, Infrastructure and Security Services (CISS)
  • Location: Australia – Melbourne / Sydney / other
  • Timezone: AU Region – 9 AM to 5:30 PM Sydney/Melbourne Time
  • Organisational Relationship: Project Manager
  • Position Purpose: We are seeking a proactive and hands-on Microsoft Sentinel SME to lead and execute SIEM/SOAR delivery outcomes—spanning log source onboarding, detection engineering, SOAR playbook development (Logic Apps), and incident/case management workflow enablement. The role will drive ingestion design, implement integrations (native and custom), enable a defined set of Sentinel use cases, and support operational readiness including documentation, knowledge transfer, and hypercare. This role works closely with security event source owners and platform teams to run workshops, confirm prerequisites, validate data quality and parsing/normalisation, and deliver onboarding through a structured “factory” approach in time-boxed cycles.

 


  • Responsibilities (Tasks):

As a Microsoft Sentinel SME, your primary tasks will include:

 

  • Ingestion Design & Architecture
  • Lead workshops with security event source owners to confirm ingestion approach, prerequisites, ownership, and data quality expectations.
  • Define target ingestion patterns (native connectors/agents, syslog/CEF, APIs/custom) and document the integration architecture and onboarding plan.
  • Maintain and update the master event source inventory, baseline documentation, and onboarding backlog.

 

  • Log Source Onboarding & Validation
  • Implement onboarding of security event sources into Microsoft Sentinel, including validation of data intake and parsing/normalisation checks using test data.
  • Support optimisation of ingestion where applicable (e.g., focusing on security-relevant events).
  • Coordinate onboarding requests, approvals/change controls, and dependency tracking with customer/vendor teams.

 

 

  • Detection Engineering & Use Case Enablement
  • Configure and tune Sentinel analytics aligned to business requirements (e.g., enablement of a defined set of use cases).  
  • Perform tuning and false-positive reduction as part of delivery cycles; support validation and sign-off per cycle closure.
  • Map and align detections to MITRE ATT&CK as required for reporting and coverage visibility.

 

  • SOAR Automation (Logic Apps)
  • Develop and maintain SOAR playbooks using Microsoft Logic Apps for enrichment and response workflows, where applicable.
  • Implement integrations between Sentinel and security/IT tooling to enable orchestration and automated actions.

 

  • Incident & Case Management / ITSM Integration

Enable Sentinel incident and case management workflow capabilities and support integration with ServiceNow (ITSM) as required.

 

  • Platform Readiness (Unified, RBAC, Access)

Support readiness activities including Unified platform enablement controls such as MTO setup / RBAC, and access enablement for third parties where approved.

 

  • Documentation, Governance & Handover
  • Produce and maintain delivery artefacts such as ingestion design documentation, build/config guides, event source baseline docs, use case documentation, incident management process documentation, and handover packs.
  • Deliver analyst training and knowledge transfer during onboarding and cycle closure.
  • Provide hypercare support post-implementation as required.


  • Knowledge

Candidate should possess foundational and practical knowledge in the following areas:

 

  • Microsoft Sentinel (SIEM): workspace/log analytics concepts, connectors, analytics rules, incidents/cases, workbooks, and operational use.
  • Ingestion patterns: native connectors/agents, syslog/CEF, API/custom integrations, and ingestion design planning.
  • SOAR: Microsoft Logic Apps for security automation and orchestration.
  • Data validation: parsing/normalisation checks, test data validation, data quality troubleshooting.
  • Security operations frameworks: MITRE ATT&CK alignment and use case mapping concepts.

 

 

 

 

 

 

 

  • Skills:

Candidates must demonstrate proficiency in the following skills:

    • Analytical Thinking: Strong ability to analyse complex security event ingestion cases & threat detection scenarios.
    • Problem Solving: Aptitude for diagnosing and resolving security tasks efficiently and effectively.
    • Technical Proficiency: Hands-on experience with MS/Azure Sentinel, Azure platform.
    • Communication: Excellent verbal and written communication skills, with the ability to articulate complex technical information clearly to both technical and non-technical audiences (e.g., end-users, management).
    • Collaboration & Teamwork: Ability to work effectively within a team environment and collaborate cross-functionally with various internal and external stakeholders.
    • Documentation: Skill in creating clear, concise, and comprehensive documentation, including process, procedures, reports and knowledge articles.
    • Prioritisation & Time Management: Ability to manage multiple tasks, prioritise effectively, and perform under pressure during exploit situations.


  • Experience & Qualifications:

 

    • Experience: Minimum 10 years in SOC/SIEM, security engineering, or SIEM implementation roles, with demonstrated hands-on Microsoft Sentinel delivery experience
    • Certifications (preferred):
      • SC 200
      • AZ 900 / 500
    • Preferred Technical Skills: Familiarity with scripting languages (e.g., Python, PowerShell) for automation and analysis.


Deliver 

| No | Performance Parameter | Measure |
|----|-----------------------|---------|
| 1 | Customer centricity | Timely security breach solutioning to end users, Internal stakeholders & external customers experience, CSAT, educating and suggesting right control to the customers. |
| 2 | Support sales team to create wins | % of proposals with Quality Index >7, timely support of the proposals, identifying opportunities/leads to sell services within/outside account (lead generation), no. of proposals led |

 

Mandatory Skills: Microsoft Threat Protection.

 

Experience: 8-10 Years.

 

Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention.
 

If you encounter any suspicious mail, advertisements, or persons who offer jobs at Wipro, please email us at helpdesk.recruitment@wipro.com. Do not email your resume to this ID as it is not monitored for resumes and career applications.

Any complaints or concerns regarding unethical/unfair hiring practices should be directed to our Ombuds Group at ombuds.person@wipro.com.

We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, caste, creed, religion, gender, marital status, age, ethnic and national origin, gender identity, gender expression, sexual orientation, political orientation, disability status, protected veteran status, or any other characteristic protected by law.

Wipro is committed to creating an accessible, supportive, and inclusive workplace. Reasonable accommodation will be provided to all applicants including persons with disabilities, throughout the recruitment and selection process. Accommodations must be communicated in advance of the application, where possible, and will be reviewed on an individual basis. Wipro provides equal opportunities to all and values diversity.