We help the world Be Everyday Ready™
Today’s threatscape is relentless. So are we. At Cyderes, we specialize in building practical IAM, exposure management, and risk programs, and stopping active threats fast with MDR that works with your existing security tools — all augmented by AI and driven by seasoned operators. Our tireless global team is laser-focused on cybersecurity, arming organizations with the people, platforms, and perspectives they need to conquer whatever tomorrow throws their way.
About the Job:
The Security Engineer II – Microsoft Sentinel & Defender XDR plays a critical engineering role within Cyderes' Managed Sentinel SIEM and MDR services.
You will go beyond basic platform administration. The Security Engineer II is responsible for detection engineering, platform optimization, onboarding lifecycle execution, and Defender XDR integration. You will be a trusted technical resource to clients, ensuring you configure and continuously improve their Microsoft security ecosystem. You will represent and promote the Cyderes brand by collaborating to exceed client expectations.
Responsibilities:
Platform Engineering & Administration
- Support the intake process, including coverage for Eastern Standard Time business hours
- Administer and maintain Microsoft Sentinel and Defender XDR environments across managed clients
- Perform health monitoring of:
  - Log ingestion pipelines
  - Data connector status
  - Automation guides
  - Analytics rule performance
- Monitor ingestion volumes and support cost optimization projects
- Help with tenant standardisation across multi-client MSSP environments
Log Source Onboarding & Integration
- Onboard new data sources into Microsoft Sentinel following established SOPs:
  - Validate connectivity
  - Confirm correct parsing and schema normalisation
  - Ensure events are visible and queryable in Log Analytics
- Integrate Microsoft Defender data sources:
  - Defender for Endpoint
  - Defender for Identity
  - Defender for 365
  - Defender for Cloud Apps
- Validate data integrity and entity mapping
- Troubleshoot ingestion or connector issues across Azure and third-party integrations
Detection Engineering & Use Case Development
- Develop analytics rules (Scheduled, NRT, Fusion)
- Create and tune detection logic using KQL
- Reduce false positives through structured tuning and rule refinement
- Map detections to the MITRE ATT&CK framework
- Improve alert fidelity and correlation between Defender XDR and Sentinel
- Maintain dashboards, workbooks, and reporting artefacts
- Help build reusable hunting and detection libraries
Monitoring & Incident Support
- Monitor Sentinel and Defender XDR alerts
- Perform Tier 2 evaluation and investigation of escalated alerts
- Provide clear documentation and escalation to MDR/SOC teams
- Support root cause investigations for platform or telemetry issues
- Help with containment automation where applicable
Automation & SOAR
- Develop Azure Logic App guides
- Automate response actions such as:
  - Device isolation
  - User disablement
  - IP blocking
  - Ticket creation
- Follow change management processes for configuration updates
- Test changes in lower environments when applicable
Documentation & Continuous Improvement
- Contribute to:
  - Runbooks
  - Standard operating procedures
  - Onboarding checklists
  - Detection documentation
- Document false positives and data quality issues
- Provide tuning feedback to senior engineers and architecture teams
- Stay current on Microsoft security roadmap changes
- Participate in internal training and knowledge-sharing sessions
Requirements:
Education
- Diploma or Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent experience)
Experience
- 3–5 years of experience in IT security, SOC, or security engineering roles
- Minimum 2 years of hands-on experience with Microsoft Sentinel
- Experience with the Microsoft Defender XDR suite
- Experience in MSSP or customer-facing environments
- Exposure to multi-tenant environments (Azure Lighthouse)
Technical Skills
- Working knowledge of:
  - Microsoft Sentinel
  - Microsoft Defender XDR
  - Azure Log Analytics
- Proficiency in KQL
- Understanding of:
  - Windows & Linux logs
  - Azure AD / Entra ID
  - Networking fundamentals (TCP/IP, ports, firewalls, or proxies)
  - Authentication and authorization models
- Experience with:
  - Azure Logic Apps
  - REST APIs
  - PowerShell or Python scripting
- Understanding of the MITRE ATT&CK framework
- Familiarity with MDR operational workflows
Certifications
- SC-200 (Microsoft Security Operations Analyst)
- AZ-500 (Azure Security Engineer)
- SC-100 (Cybersecurity Architect)
- Security+
- Relevant Microsoft Defender certifications
Soft Skills
- Document investigations and platform changes thoroughly
- Customer-focused mindset
- Balance operational and engineering responsibilities
WHY CYDERES?
Benefits that go beyond the basics: we support our people so they can do their best work.
✔ Medical Insurance - Employee + dependents covered
✔ Life Insurance - Protection for what matters most
✔ Retirement Match Program - We invest in your future
✔ Hybrid Work Model - 2–3 days in office
✔ Maternity & Paternity Leave - Time for the moments that matter
✔ Paid Time Off - PTO + sick & casual leave
✔ Bereavement & Volunteer Time - Give back to your community
✔ Professional Development - Reimbursement program
✔ LinkedIn L&D Platform - Thousands of courses at your fingertips
✔ Mobile Phone Reimbursement - Stay connected, on us
Cyderes is an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to race, religion, color, sex, age, disability, sexual orientation, genetic information, national origin, or veteran status.
Note: This job posting is intended for direct applicants only. We request that outside recruiters do not contact us regarding this position.