Sr. Cloud Engineer M365-Defender (L3)

Job Description:

Position – Sr. Cloud Engineer M365 - MS Defender for Endpoint (Level 3)

Eligibility Criteria:

• Minimum of 5+ years of experience in IT security, with at least 2+ years focused on Microsoft Defender for Endpoint.
• Should be Graduate or Above
• Should have extensive working knowledge of Microsoft Office365 cloud.

 Principal Responsibilities:                                  

• Responsible for providing high end Technical & Project based support & consultation for Microsoft 365 Cloud
• The candidate will be required to architect, design and implement solutions using different services & solutions offered by Microsoft 365 package
• Handling Tier 2 / escalations for Microsoft 365 related issues.
• Help Tier 1 & Tier 2 resources to address the Microsoft 365 related issues
• Troubleshooting the advanced Microsoft 365 issues and performing call backs ensuring issues are resolved in the defined SLA & appropriate solution is provided to the customer.
• Will be responsible for updating, sharing daily, weekly & monthly Microsoft 365 related tickets tracker & analysis.
• Resolving any global, cross-functional or work-team issues.
• Defining key management routines and governance strategy to ensure effective business process execution.
• Reporting and trending on the effectiveness of the solutions and standards.
• Initiate improvements in tools, requirements gathering, processes, and people responsible to investigate causes, tests solutions & suggest solutions in place to reduce the time taken to resolve the Microsoft 365 related tickets.
• Understanding Microsoft 365 support priorities and objectives and takes an active role in accomplishing them.
• Should be able to use & provide advanced tools for Microsoft 365 issues diagnosis & troubleshooting
• Responsible for handling individual projects related to new implementations, improvisations or migrations to Microsoft 365 from multiple source platforms.

Behavioral Skills

• Excellent verbal & written Communication skills
• Should have excellent customer handling & listening skills
• Strong analytical skills
• Strong problem-solving skills
• Change Management & decision-making skills.
• Quick decision maker and fast learner
• Result Oriented & able to deliver within timelines

Technical Skills:

• Deep understanding of Microsoft Defender for Endpoint, including its components, features, and configuration options.
• Strong knowledge of Windows operating systems and Active Directory.
• Proficiency in PowerShell scripting and automation.
• Experience with security technologies such as firewalls, intrusion detection systems, and SIEM.
• Familiarity with threat intelligence feeds and analysis techniques.
• Understanding of network protocols and security concepts.

• Microsoft Entra ID: Should have extensive knowledge in AZURE AD (Microsoft Entra ID) and AD Connect (Microsoft Entra Connect) implementation.
• Should have hands on experience in Register / Join / Hybrid Join devices to Azure Active Directory (Microsoft Entra ID).

• Microsoft Endpoint Manager: Should have working knowledge on Microsoft Intune (Microsoft Endpoint Manager).
• Show have hands on experience in enrolling devices, compliance and configuration policies.
• Windows Autopilot, setting up Windows, Android, IOS, macOS enrollment.
• Troubleshooting device enrollment issues, configuring applications on devices.
• Design, implement, and maintain Microsoft Intune infrastructure for device and application management.
• Integrate Intune with other Microsoft 365 services, including Azure AD, Endpoint Manager, and Conditional Access.
• Manage and troubleshoot issues related to device compliance, app protection policies, and conditional access.

• Microsoft Defender for Endpoint: Develop and optimize advanced hunting queries and custom detection rules, Analyze complex security incidents and lead threat hunting initiatives.
• Deep expertise in Microsoft Defender for Endpoint, including advanced features and integrations.
• Familiarity with threat intelligence platforms and their integration with Defender for Endpoint.
• Analyze and tune detection rules to reduce false positives while maintaining security efficacy.
• Identify and resolve performance issues related to Defender for Endpoint.
• Provide best practices for policy management and security baselines.
• Configure data connectors for Azure Sentinel to ingest logs from diverse sources (e.g., Azure services, on-premises environments, third-party systems).
• Knowledge of incident detection techniques, such as IOC (Indicators of Compromise) matching and anomaly detection.
• Conducting proactive threat hunting using Azure Sentinel features.
• Configuring API-based integrations and custom data collection using Azure Monitor or Logic Apps.
• Strong understanding of EDR (Endpoint Detection and Response) principles and practices.
• In-depth knowledge of Microsoft Defender XDR components, features, and configuration options, including unified threat management, automated investigation and response, and threat hunting.
• In-depth knowledge of MDE components, features, and configuration options, including:

• Endpoint Detection and Response (EDR)
• Threat and Vulnerability Management (TVM)
• Attack Surface Reduction (ASR)
• Exploit Protection
• Behavioral Analysis

• Security Analysis and Incident Response:

• Threat Hunting: Ability to proactively search for and identify advanced threats using MDE's threat hunting capabilities.
• Incident Response: Experience in responding to security incidents, conducting investigations, and implementing remediation measures.
• Log Analysis: Proficiency in analyzing security logs (e.g., Windows event logs, MDE logs) to identify anomalies and potential threats.
• Diagnose and resolve complex MDE-related issues, including endpoint detection and response (EDR) alerts, investigation, and incident response.

Preferred Certifications:

• SC -200: Microsoft Certified: Security Administrator Associate
• SC - 300: Microsoft Certified: Security Operations Analyst Associate
• SC - 400: Microsoft Certified: Information Protection and Compliance Administrator Associate
• MS-102: Microsoft 365 Administrator
• MD-102: Microsoft 365 Certified: Fundamentals