Insighture is a leading technology consultancy that drives digital transformation for businesses worldwide. With a team of over 85 expert consultants, the company delivers tailored, high-impact strategies and solutions, enabling scalable product engineering. As an AWS partner, Insighture excels in co-integrated cloud services. It has collaborated with more than 50 clients globally, guiding them through cloud adoption, DevOps transformation, enterprise modernisation, and more.
The team’s expertise spans Cloud-Native Development, Solutions Architecture, UI/UX, Quality Engineering, Data Engineering, AI/ML, and DevSecOps. These capabilities empower businesses to achieve impactful and innovative outcomes.
In 2024, Insighture achieved ISO certification and was recognised as a Great Place to Work, earning three prestigious awards: Best Workplace in Sri Lanka, Best Workplace for Technology, and Best Workplace for Young People. Insighture's technology and expertise are embedded in the work of internationally recognised care providers, global freight operations, child protection systems, and health tech platforms across Australia, the UK, and Singapore.
We are seeking an experienced Enterprise Architect – EUC/EUT with a strong background in designing and governing large-scale end-user technology environments. This role will drive the architecture, security, and optimisation of enterprise end-user computing platforms, ensuring scalable, secure, and high-performing digital workplace solutions.
Requirements
- Minimum 10 years in SOC/SIEM, security engineering, or SIEM implementation roles, with demonstrated hands-on Microsoft Sentinel delivery experience.
- Certifications (preferred): SC-200 and AZ-900 / AZ-500.
- Familiarity with scripting languages (e.g., Python, PowerShell) for automation and analysis.
Responsibilities
- Lead workshops with security event source owners to confirm ingestion approach, prerequisites, ownership, and data quality expectations.
- Define target ingestion patterns (native connectors/agents, syslog/CEF, APIs/custom) and document the integration architecture and onboarding plan.
- Maintain and update the master event source inventory, baseline documentation, and onboarding backlog.
- Implement onboarding of security event sources into Microsoft Sentinel, including validation of data intake and parsing/normalisation checks using test data.
- Support optimisation of ingestion where applicable (e.g., focusing on security-relevant events).
- Coordinate onboarding requests, approvals/change controls, and dependency tracking with customer/vendor teams.
- Configure and tune Sentinel analytics aligned to business requirements (e.g., enablement of a defined set of use cases).
- Perform tuning and false-positive reduction as part of delivery cycles; support validation and sign-off per cycle closure.
- Map and align detections to MITRE ATT&CK as required for reporting and coverage visibility.
- Develop and maintain SOAR playbooks using Microsoft Logic Apps for enrichment and response workflows, where applicable.
- Implement integrations between Sentinel and security/IT tooling to enable orchestration and automated actions.
- Enable Sentinel incident and case management workflow capabilities and support integration with ServiceNow (ITSM) as required.
- Support readiness activities including Unified platform enablement controls such as MTO setup / RBAC, and access enablement for third parties where approved.
- Produce and maintain delivery artefacts such as ingestion design documentation, build/config guides, event source baseline docs, use case documentation, incident management process documentation, and handover packs.
- Deliver analyst training and knowledge transfer during onboarding and cycle closure.
- Provide hypercare support post-implementation as required.
- Candidates should possess foundational and practical knowledge of Microsoft Sentinel (SIEM), ingestion patterns, SOAR, and data validation.