Ayan Infotech has an urgent and immediate requirement for an MS Sentinel Specialist for a long-term contract job opportunity in Melbourne.
All applicants must have full unrestricted work rights in Australia.
Title: MS Sentinel Specialist
Location: Melbourne
Type: Contract (6-12 months)
Work Arrangement: Hybrid (2-3 days per week in the office)
Required Skills and Experience:
- Minimum 10 years in SOC/SIEM, security engineering, or SIEM implementation roles, with demonstrated hands-on Microsoft Sentinel delivery experience.
- Certifications: SC-200; AZ-900 / AZ-500.
- Familiarity with scripting languages (e.g., Python, PowerShell) for automation and analysis.
As a Microsoft Sentinel SME, your primary tasks will include:
Ingestion Design & Architecture
- Lead workshops with security event source owners to confirm the ingestion approach, prerequisites, ownership, and data quality expectations.
- Define target ingestion patterns (native connectors/agents, syslog/CEF, APIs/custom) and document the integration architecture and onboarding plan.
- Maintain and update the master event source inventory, baseline documentation, and onboarding backlog.
Log Source Onboarding & Validation
- Implement onboarding of security event sources into Microsoft Sentinel, including validation of data intake and parsing/normalisation checks using test data.
- Support optimisation of ingestion where applicable (e.g., focusing on security-relevant events).
- Coordinate onboarding requests, approvals/change controls, and dependency tracking with customer/vendor teams.
Detection Engineering & Use Case Enablement
- Configure and tune Sentinel analytics aligned to business requirements (e.g., enablement of a defined set of use cases).
- Perform tuning and false-positive reduction as part of delivery cycles; support validation and sign-off per cycle closure.
- Map and align detections to MITRE ATT&CK as required for reporting and coverage visibility.
SOAR Automation (Logic Apps)
- Develop and maintain SOAR playbooks using Microsoft Logic Apps for enrichment and response workflows, where applicable.
- Implement integrations between Sentinel and security/IT tooling to enable orchestration and automated actions.
Incident & Case Management / ITSM Integration
- Enable Sentinel incident and case management workflow capabilities and support integration with ServiceNow (ITSM) as required.
Platform Readiness (Unified, RBAC, Access)
- Support readiness activities, including Unified platform enablement controls such as MTO setup / RBAC, and access enablement for third parties where approved.
Documentation, Governance & Handover
- Produce and maintain delivery artefacts such as ingestion design documentation, build/config guides, event source baseline docs, use case documentation, incident management process documentation, and handover packs.
- Deliver analyst training and knowledge transfer during onboarding and cycle closure.
- Provide hypercare support post-implementation as required.
Contact: 02 9412 4178 for more details.
www.ayaninfotech.com