Senior Secret Cleared IT Security Systems Operator to create and document Kusto Query Language (KQL) within Azure Sentinel interface in the Public Sector

Our Valued Public Sector Client is seeking a Senior Secret Cleared IT Security Systems Operator to create and document Kusto Query Language (KQL) within Azure Sentinel interface in the Public Sector

The Cyber Security Division (CSD) is seeking a consultant to craft and document Kusto Query Language (KQL) within Azure Sentinel interface, based on the industry best practices (MITRE ATT&CK Framework), in the optic of treat hunting on the client's infrastructure and services. Those queries should encompass various data such as Azure Activity Logs, Azure AD Sign-In Logs, and Microsoft Defender for Endpoint data.

Must Haves:

• 5+ years creating KQL within Azure Sentinel Interface
• 5+ years with Log Analysis from an Azure perspective
• Secret Clearance

Tasks:

• Review current query Kusto Query Language (KQL) of SOC and optimize then.
• Craft new Kusto Query Language (KQL) and documents process.
• Lead all activities required to the creation of the KQL for treat hunting and coordination with current staff of SOC.
• Coordinate information sessions and communications with different teams and areas to capture required information.
• Provide training to SOC on new query.
• Focus KQL to improve Threat hunting but not limited to:

Anomalous behavior patterns,

Detection base on IOC,

Compliance Check,

Integration with Microsoft Defender XDR.

• Review and Create new Sentinel playbooks for automatization of Incident response case.

Deliverables:

• Review and optimization of current SOC KQL by December 30, 2024
• Crafting new query using multiple sources and validate by end of February 2025
• Train SOC member on new query and adjust based on feedback ongoing trough out contract.