Contract Spy
Remote (Newcastle, UK)
Security Engineer - Microsoft Security Suite (Defender, Purview, Sentinel, KQL)
Key Responsibilities:
Administered and enhanced security controls across the Microsoft Security suite, including Microsoft Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, and Microsoft Purview DLP.
Built, optimised, and maintained DLP policies, sensitivity labels, insider risk rules, and data classification controls in Purview.
Developed advanced KQL queries for incident investigation, threat hunting, alert tuning, and custom analytics within Microsoft Sentinel and Defender portals.
Automated monitoring and detection processes using PowerShell, Python, Logic Apps, and API-based scripting, improving SOC efficiency.
Designed and implemented custom monitoring and threat detection use cases, including anomaly detection, data exfiltration patterns, endpoint behaviour triggers, and cloud misuse indicators....