Lead Security Operations Engineer
Company: EDI Specialists, Inc.
Location: Collingswood
Posted on: April 11, 2025
Job Description:
Role Summary
Qualifications, skills, and all relevant experience needed for this
role can be found in the full description below.
Maintains responsibility for the expansion and maintenance of our threat detection and incident response toolset, working closely with our external Security Operations Center (SOC). With strong knowledge and a deep understanding of Microsoft security technologies, enhances our proactive monitoring, automation, and threat mitigation capabilities.
Major Responsibilities
Deploys, configures, and manages Microsoft Sentinel SIEM (security information and event management) for enterprise-wide security event monitoring.
Develops custom log ingestion from Microsoft and third-party sources into Sentinel.
Helps create, fine-tune, and maintain Kusto Query Language (KQL) queries for advanced threat hunting and alert tuning.
Maintains and optimizes Microsoft Defender configurations, including policies, exclusions, and response actions.
Integrates threat intelligence feeds as needed into Sentinel for enhanced threat detection.
Implements and manages Microsoft Defender for Cloud to monitor and secure Azure workloads.
Supports Windows security hardening using Defender and Group Policy configurations.
Develops Sentinel automation rules and workflows to reduce false positives and enhance alert accuracy.
Continuously improves SIEM correlation rules, alerts, and response procedures.
Additional Responsibilities
Improves Security Operations Center (SOC) efficiency through PowerShell scripting, API integrations, and automation.
Monitors SOC escalations and security alerts from Microsoft Defender for Endpoint, Defender for Identity, Defender for Office 365, and Defender for Cloud.
Required Skills & Personal Qualifications
Expertise in Microsoft Sentinel SIEM (security information and event management), including log ingestion, Kusto Query Language (KQL) queries, and automation.
Hands-on experience with Microsoft Defender for Endpoint, Identity, Office 365, and Cloud.
Strong knowledge of Windows security architecture, including Active Directory, Group Policy, and Windows Defender settings.
Experience in incident response, threat hunting, and forensic analysis.
Ability to write and optimize KQL queries for advanced security analytics.
Familiarity with the MITRE ATT&CK framework and common attack techniques.
Deep understanding of Microsoft security technologies, to help enhance our proactive monitoring, automation, and threat mitigation capabilities.
EDUCATION/EXPERIENCE REQUIREMENTS: BA/BS degree or equivalent
experience. At least 4-6 years of experience in Security Operations
(SecOps) or SOC.
PREFERRED CERTIFICATIONS:
Microsoft SC-200 (Microsoft Security Operations Analyst) certification
Microsoft AZ-500 (Microsoft Azure Security Technologies) certification
WORK ENVIRONMENT
Hybrid Role: Remote work 2 days per week (after 90 days of onboarding)