Senior Microsoft Sentinel / SIEM Engineer - #1765203
Cloud Decisions
Job Title:Senior Microsoft Sentinel Consultant To £85,000 + Benefits + Microsoft Fully Remote, UK(*Global Microsoft Managed MISA Partner + complex Sentinel Engineering/Integration)The OpportunityThis is a standout opportunity for a Microsoft Sentinel expert to step into a high-impact, technically advanced role with a global security Microsoft powerhouse.
You'll be joining a Microsoft managed global partner, a prominent MISA member, a team with Security MVP's and a Microsoft Verified Safe XDR Solution Partner, and a trusted Security Depth Partner. In short giving you unparalleled access to Microsoft’s security product roadmap, security previews, and frontline support. You'll work at the sharp end of cyber defence, directly contributing to investigations involving nation-state threat actors (including IR, CH, and NK based campaigns) while refining your craft across enterprise-scale log ingestion and customised Sentinel integration engineering that will stretch your skills, give you opportunity to ingest complex logs from a mass of cloud and data sources and the chance to learn these as you go.
The RoleYou'll own and optimise enterprise-wide log onboarding into Microsoft Sentinel – deploying standard and custom connectors, Function Apps, and parsers to build tailored SIEM solutions that drive real-world threat detection and response. Log ingestion at scale across numerous hybrid and multi-cloud environments
Enhance custom Function Apps and ingestion pipelines
Parse, normalise, and optimise log telemetry to ensure precision and cost control
Partner with IR teams on real attacks – tuning rules against live threat actor activity
Sync closely with Microsoft teams to build cutting-edge detection capabilities
Contribute to internal knowledge base and help shape engineering standards
What's needed?Experience building and integrating complex Microsoft Sentinel at SMC and enterprise
Understanding of security telemetry across identity, endpoint, cloud, and network layers
Experience in SIEM content development, including KQL, analytics rules, and custom data connectors
Scripting and engineering skills – Python, PowerShell, APIs, Function AppsA background in cyber threat detection, incident response or DFIR is a real plus
Comfortable working in very fast-moving, customer facing delivery environments
The Technical Shizzle:Microsoft Sentinel (KQL, Analytics Rules, Workbooks, Watchlists)Azure Function Apps, Logic Apps, ARM templatesPowerShell, Python, REST APIsLog ingestion and parsing across multi platforms (Azure/AWS/GCP, M365, Defender, Entra, Copilot, Carbon Black, Okta + Tier 1 Network vendors)MITRE ATT&CK, threat detection frameworks, IOC enrichment
Ability to go and work things out is crucial
Sentinel/Log Analytics Cost Management and Data OptimisationWhat’s In It for You?Direct access to Microsoft Sentinel product teams and early feature previews
Deep involvement in real-world nation-state attack detection
Huge opportunity to stretch and sharpen you Sentinel mastery
Be part of a Microsoft Security elite MISA and Depth partner
Exposure to multi-cloud detection and advanced security automation
Fully remote, highly flexible work culture with global team collaboration
Recognition, career progression and growth all within a global Microsoft specialist and respected security consultancy
How to apply
To apply for this job you need to authorize on our website. If you don't have an account yet, please register.
Post a resume