
Security Engineer (f/m/d)

Iași, Iași, Romania; Warsaw, Masovian Voivodeship, Poland

Purpose of Position

In this role, you will manage our SIEM, investigate security incidents, research and implement security tools, and participate in the Security Operations on-call rotation.

Core Responsibilities

  • SIEM Management & Optimization: Serve as the primary administrator for Microsoft Sentinel. This includes managing log ingestion from diverse sources (AWS, Azure, Defender for Endpoint, Akamai, etc.), optimizing data pipelines, and monitoring costs to ensure efficiency. Design and build comprehensive dashboards and workbooks to provide clear visibility into our security posture and key metrics for business and technical stakeholders.
  • Detection Engineering: Create, tune, and maintain security detection rules and alerts in Microsoft Sentinel, focusing on use cases relevant to our core business functions. Develop and refine detections based on threat intelligence and MITRE ATT&CK framework coverage analysis, with a keen focus on identifying gaps in our current logging and alerting.
  • Incident Investigation & Response: Lead in-depth technical investigations for security incidents, from triage to resolution. Analyze and correlate security events from across our hybrid cloud environment, leveraging logs and signals from AWS GuardDuty, Azure Monitor, Defender for Endpoint, and our CSPM. Provide actionable remediation plans and contribute to post-incident reviews to strengthen our defences.
  • Tooling & Automation: Research, evaluate, and implement new security technologies across the entire organization, from endpoints to cloud infrastructure, leading project planning and implementation.
  • On-Call & Response: Participate in the SecOps on-call rotation to provide rapid security incident response support.
  • Security Control Efficacy Testing: Run simulated attacks (e.g., using open-source tools or dedicated platforms) to test the effectiveness of existing security controls and detections.

Professional experience and skills

  • 3+ years in Incident Response, Detection Engineering or Threat Hunting.
  • Participation in a formal incident response program, including on-call rotations and post-incident analysis.
  • Experience collaborating with engineering teams to implement security-by-design principles and resolve security findings.
  • Ability to deconstruct complex security incidents, correlate data from disparate sources, and identify root causes.
  • Strong verbal and written communication skills to effectively articulate technical risks to non-technical stakeholders (e.g., GRC, Legal, Finance) and coordinate with engineering teams during incidents.
  • Formal security certifications such as CISSP, CySA+, GIAC and AWS Security certifications are appreciated.
  • Strong hands-on experience with SIEM platforms, specifically with Microsoft Sentinel or a similar enterprise-grade solution.
  • Demonstrated experience in security incident response within AWS and Azure cloud environments.
  • Proficiency in query languages like KQL, and scripting languages like PowerShell or Python for data analysis and automation. Experience utilizing APIs for custom tooling is preferred.
  • Experience with Endpoint Detection and Response (EDR) solutions like Microsoft Defender for Endpoint.

Our Offer

  • Flexi-Week and Work-Life Balance: We prioritise your mental health and wellbeing, offering you a flexible four-day Flexi-Week at full pay and with no reduction to your annual holiday allowance. We also offer a variety of different paid special leaves.
  • Flexi-Office: We offer an international culture and flexibility through our Flexi-Office and hybrid/remote work possibilities to work across Awin regions.
  • Health & Well Being: With our support and access to various initiatives and sports offers, you can devote yourself to your mental and physical well-being.
  • Development: We’ve built our extensive training suite Awin Academy to cover a wide range of skills that nurture you professionally and personally, with trainings conveniently packaged together to support your overall development.
  • Remote Working Allowance: You will receive a monthly allowance to cover a part of your running costs. In addition, we will support you in setting up your remote workspace appropriately.
  • Appreciation: Thank and reward colleagues by sending them a voucher through our peer-to-peer program.
  • We are hiring in multiple countries; additional benefits in terms of health, well-being, security and more will be discussed further at the first interview with the talent team.

Established in 2000, Awin is proud of our dynamic, social and inclusive culture.

Like all businesses, we’ve had to adapt and nurture our culture in a virtual environment. Our virtual ‘Life @ Awin’ hub brings our colleagues from across the globe together for various social activities.

Diversity & Inclusion are paramount to us, and we proudly pursue and hire diverse team members. We champion uniqueness and authenticity; this is who we are at our core. Our network of affiliate partnerships is diverse and transparent, as are the employees powering our vision to build the world’s leading open partner ecosystem. We welcome all backgrounds, identities, and experiences. If you need support at any point in the application or interview process, please let us know.

Apply now to begin the next stage of your career at a progressive company that supports both your professional and personal development.