Security Engineer

Security Engineer

Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Threat Intelligence Operations is a must-have skill. Minimum 7.5 year(s) of experience is required. 15 years full time education is required.

We are looking for an experienced and detail-oriented Security Delivery Specialist to support the delivery of cybersecurity services focused on Microsoft Sentinel. The ideal candidate will have hands-on expertise in Sentinel configuration, log source onboarding (Cribl, Logstash), KQL analytics, and threat modeling. The candidate will also collaborate closely with VM teams to develop PC10-aligned threat models during application onboarding.

Roles & Responsibilities:

• Deliver and support security solutions using Microsoft Sentinel.
• Configure and optimize Sentinel: develop analytics rules, hunting queries, workbooks, playbooks, and alert mechanisms.
• Develop threat models aligned to PC10 standards for critical applications.
• Work with VM teams to define threat scenarios, attack paths, and relevant detections for newly onboarded applications.
• Perform gap analysis of detection coverage based on MITRE ATT&CK or other frameworks.
• Identify and prioritize high-risk use cases and translate them into Sentinel detection rules.
• Identify critical assets, data flows, and entry points in applications or infrastructure.
• Categorize assets based on business impact and risk exposure.
• Develop and maintain threat models aligned to PC10 controls (such as those from MAS TRM, RBI, or internal regulatory frameworks).
• Create and maintain threat modeling documentation, including threat matrices, risk ratings, and mitigation strategies.
• Support periodic reviews and updates of threat models as applications evolve.
• Coordinate with engineering and SOC teams to operationalize detection logic derived from threat models.

Professional & Technical Skills:

• Microsoft Sentinel: Strong hands-on experience with SIEM/SOAR, KQL query development, alert tuning, hunting, and automation.
• Log Source Onboarding: Experience managing pipelines and ensuring enriched logs are captured and with normalized ingestion.
• ASIM Parsing: Proficiency in mapping raw logs to schemas such as DeviceEvents, NetworkSession, etc.
• Threat Modeling (PC10): Ability to identify assets, threats, and mitigations; develop risk-driven detection use cases; and maintain structured models.
• Collaboration with VM and Application Security teams for onboarding and modeling real-world attack scenarios.
• Familiarity with MITRE ATT&CK, STRIDE, or similar frameworks for structured analysis.
• Update threat models as applications evolve, new threats emerge, or infrastructure changes.
• Experience using tools such as Threat Modeling Tool (TMT) or Visio for visual representation of threat flows.
• Strong understanding of incident detection, investigation, and response.
• Maintain a central repository of threat models for all onboarded applications.
• Link threat modeling outcomes directly to SOC playbooks and automation.
• Scripting knowledge in PowerShell, KQL, or other scripting languages is an advantage.

Additional Information:

• Minimum 7+ years of experience in cybersecurity, security operations, or cloud security services.
• Role based in Bengaluru.
• Requires 15 years of full-time education.