Microsoft Defender and Sentinel Engineer

at EY

Toronto, ON, Canada

Start Date: Immediate
Expiry Date: 05 Sep, 2024
Salary: Not Specified
Posted On: 05 Jun, 2024
Experience: 5 year(s) or above
Skills: Scripting, Scripting Languages, SIEM, PowerShell, Sentinel, Cloud Services
Telecommute: No
Sponsor Visa: No

Description:

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
EY’s people in more than 150 countries are committed to operating with integrity, quality and professionalism in the provision of audit, tax, transaction and consulting services. We strive to help all of our people achieve their professional and personal goals through an inclusive environment that values everyone’s contributions, appreciates diversity of thought, fosters growth, and provides continuous opportunities for development. Recognized as one of Canada’s top employers, EY continually strives to be a great place to work.

THE OPPORTUNITY

EY is investing in the creation of cutting-edge and disruptive security products that leverage Microsoft technologies, and we are looking for a Microsoft Sentinel/Defender expert to help drive this initiative. You will join our new dedicated Microsoft team, helping to develop and plan our strategy, support the development of our capabilities and operationalize our offerings. In this role, you will also participate in key opportunities and engagements to provide leadership and support to help successfully deliver and grow our practice.
As a driven, results-oriented professional, you will work across teams to provide the knowledge, resources and tools that help EY deliver exceptional service to our internal and external clients, win in the marketplace and support EY’s growth and profitability. This role will provide you with visibility and participation across all sectors, deal sizes, competencies, and offerings. The successful candidate will have a rare opportunity to see how the firm operates across all our service lines (Consulting, Tax, Assurance, Strategy and Transactions) and industries.

SKILLS AND ATTRIBUTES FOR SUCCESS

  • Microsoft Security Knowledge: Proficiency in Microsoft security products is essential, particularly in Microsoft Sentinel and Microsoft Defender. This includes familiarity with the implementation, administration, and troubleshooting of both tools.
  • Threat Detection and Analysis Skills: An understanding of threat detection and response is critical. This includes the ability to create, manage, and investigate incidents and alerts, understanding security threats, anomalies, and breach patterns.
  • Azure Knowledge: Since Microsoft Sentinel is a cloud-based SIEM, knowledge about Azure cloud services, Azure Log Analytics, and how these integrate with Sentinel is needed. You need to understand how to ingest data from various sources into Azure Sentinel.
  • Security Incident and Event Management (SIEM): Knowledge of SIEM concepts and capabilities is crucial.
  • Programming and Scripting: Familiarity with scripting languages, such as PowerShell or KQL (Kusto Query Language, used in Azure Sentinel for data querying).

Responsibilities:

YOUR KEY RESPONSIBILITIES

As a member of our team you are key to our solution development/support, monitoring/reporting, program governance, and reporting to key stakeholders, including our executive and the lead Architect.
Your key responsibilities will include:

  • Hands-on design and configuration of the Microsoft Defender and Sentinel product suites
  • Expressing configuration and development of Sentinel and Defender using Infrastructure as Code (IaC)
  • Providing Overall Cybersecurity expertise to the team and our clients
  • Development of advanced Sentinel queries and playbooks
  • Logic App development
  • Potential Live Cybersecurity Response in a Managed Services/Operations setting
  • Helping leverage AI to automate Investigation and Response
  • The development of Cybersecurity decoy systems to lure attackers off track leveraging Microsoft tools
  • Endpoint Detection and Response support and administration

The Microsoft Defender/Sentinel Engineer role will design and implement the Defender and Sentinel aspects of our products. This will be done leveraging Infrastructure as Code (IaC). The Engineer will also work with offshore colleagues to configure and deploy the various solutions.
Our Microsoft Technology Stack: Azure, M365, Dynamics, Purview, Priva, Entra, Defender & Sentinel

TO QUALIFY FOR THE ROLE, YOU MUST HAVE

  • Good executive presence
  • Ability to work independently or team with others as required
  • Minimum of 5 years of Cybersecurity experience
  • Excellent collaboration and presentation skills, and the confidence to challenge senior colleagues and stakeholders from a diverse range of backgrounds


REQUIREMENT SUMMARY

Min: 5.0, Max: 10.0 year(s)

Information Technology/IT

IT Software - Application Programming / Maintenance

Software Engineering

Graduate

Proficient

1

Toronto, ON, Canada