SOC Rule & Policy Development.
Design, build and tune custom KQL detection rules in Microsoft Sentinel and Defender XDR.
Develop and enforce security baselines and Intune compliance policies across endpoints.
Configure Defender for Endpoint, Defender for Identity and Defender for Cloud Apps policies to enhance visibility and detection coverage.
SIEM/SOAR Configuration.
Configure data connectors, data collection rules (DCR/DCE) and log analytics workspaces in Azure Sentinel.
Define parsing, normalization and custom table schemas for non-native data sources.
Develop automated playbooks (Logic Apps) to streamline alert enrichment, notification and escalation workflows.
Alerting, Tuning & Incident Response.
Create and maintain alert rules, analytic queries and automation rules to ensure actionable alerts with minimal false positives.
Work closely with Tier 1/2 analysts to continuously tune rule thresholds and response triggers.
Conduct threat hunting activities using advanced hunting queries in Defender XDR and Sentinel.
Governance & Documentation.
Develop and maintain the SOC policy framework, including alert handling, escalation matrix and severity classification.
Document all rule sets, configurations and workflows in a structured SOC Knowledge Base.
Collaborate with compliance teams to ensure alignment with ISO 27001, GDPR and company ISMS standards.
Continuous Improvement.
Research new threat vectors, detection techniques and Microsoft security feature updates.
Participate in red/blue team simulations to validate detection and response coverage.
Job Types: Full-time, Permanent
Pay: Up to RM8,000.00 per month
Benefits:
Free parking
Health insurance
Maternity leave
Opportunities for promotion
Professional development
Work Location: In person