Pomeroy Technologies Philippines Inc.
The Azure Sentinel / EDR Security Lead is responsible for the design, implementation, governance, and operational management of the organization's security monitoring, threat detection, and incident response capabilities. This role drives the administration of Microsoft Sentinel and Endpoint Detection and Response (EDR) platforms, driving security operations, threat hunting, automation, and continuous improvement of the organization's cybersecurity posture. The Security Lead partners with infrastructure, cloud, networking, and identity teams to protect enterprise environments across on-premises and Azure cloud platforms. Key Responsibilities Administration and optimization of Microsoft Sentinel (SIEM/SOAR) and Microsoft Defender for Endpoint (EDR). Develop and maintain security analytics rules, workbooks, dashboards, and automated response playbooks using Kusto Query Language (KQL) and Azure Logic Apps. Threat detection, threat hunting, incident response, malware investigations, and forensic analysis across cloud and endpoint environments. Integrate security logs, threat intelligence, and Microsoft security solutions, including Microsoft Defender XDR, Microsoft Defender for Cloud, and Microsoft Entra ID. Develop security automation using PowerShell, Python, and Azure Automation to improve operational efficiency and reduce response times. Monitor security posture, investigate high-priority alerts, and lead remediation efforts while ensuring compliance with security frameworks and regulatory requirements. Required Qualifications Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent experience). 5\+ years of cybersecurity or security operations experience. 2\+ years administering enterprise SIEM and EDR platforms. 2\+ years of Microsoft Sentinel administration. Experience with Microsoft Defender XDR, Microsoft Defender for Endpoint, Microsoft Defender for Cloud, and Azure security services. Strong knowledge of KQL, PowerShell, Python, Azure, networking, and incident response methodologies. Preferred Certifications Microsoft Certified: Security Operations Analyst Associate (SC-200\) Microsoft Certified: Cybersecurity Architect Expert (SC-100\) Microsoft Certified: Azure Security Engineer Associate (AZ-500\) Certified Information Systems Security Professional (CISSP) GIAC Certified Incident Handler (GCIH) CompTIA Security\+ Key Skills Microsoft Sentinel (SIEM/SOAR) Microsoft Defender for Endpoint (EDR) Microsoft Defender XDR Microsoft Defender for Cloud Microsoft Entra ID Threat Hunting \& Incident Response Kusto Query Language (KQL) Azure Logic Apps PowerShell \& Python Azure Security MITRE ATT\&CK Framework Security Automation \& SOAR SOC Operations Pay: From Php45,000\.00 per month Work Location: Remote
Pomeroy Technologies Philippines Inc.