Cyber Security Engineer

A Security Automation Engineer to build and operationalize the automation that correlates Crowd Strike Falcon Device Control telemetry with Active Directory/Azure Entra  changes in Microsoft Sentinel, and then programmatically updates Crowd Strike device control policy group membership via API. The engineer will own the scripting, testing, and configuration working - with our client - required to implement the end‑to‑end flow defined in our design.

Minimum Qualifications:

• 5+ years in security engineering/automation with SIEM (Microsoft Sentinel) and endpoint security integrations.
• Proficiency in KQL, Python and/or Power Shell, and REST/OAuth2 API integration.
• Hands‑on experience with Crowd Strike Falcon (preferably Device Control), FDR pipelines, and API‑driven policy management.
• Solid understanding of Windows Security Event Log semantics—especially 4728/4729 (group membership changes), 6416 (new device recognized), 4663 (file access)—and how to correlate with endpoint telemetry.
• Cloud data engineering basics: AWS S3 object lifecycle, schema evolution, and secured ingestion;
  Azure identity fundamentals.

Preferred Qualifications:

• Experience building SOAR playbooks (e.g., Sentinel Automation Rules/Logic Apps) and CI/CD pipelines for security automations.
• Prior implementation of device control/DLP workflows and handling USB policy exceptions at scale.
• Exposure to regulated environments (e.g., healthcare/life sciences) and change‑controlled releases.
• Familiarity with Entra  (formerly Azure AD) group modeling and hybrid AD sync nuances.