Company Profile:
Flentas helps enterprises leverage the full potential of the Cloud through consulting and implementation services. As an organization, Flentas brings strong technology expertise and hands-on experience to drive large-scale digital transformation initiatives and scale cloud operations. We serve clients globally, supported by a passionate team of experienced Solution Architects and Technology Enthusiasts.
Job Title: SecOps Engineer (L2)
Location: Pune, India (Hybrid)
Experience: 4+ Years
Role Overview
As a SecOps L2 Engineer, you will be the technical escalation point for security incidents across our Microsoft cloud estate. You will be responsible for proactive threat hunting, fine-tuning detection rules, and automating responses to safeguard our Azure infrastructure and M365 environment. This role requires a deep understanding of the Microsoft Unified Security Stack.
Key Responsibilities
Incident Response & Escalation:
Act as the Tier 2 lead for investigating complex security alerts escalated by L1. Perform deep-dive forensics on compromised identities, endpoints, and cloud resources.
Sentinel Management:
Manage and optimize Microsoft Sentinel (SIEM/SOAR). Write and refine Kusto Query Language (KQL) for custom detection rules, workbooks, and hunting queries.
M365 Security Operations:
Monitor and remediate threats within Microsoft 365 Defender, including:
Defender for Endpoint: EDR/XDR response and vulnerability management.
Defender for Office 365: Investigating sophisticated phishing and BEC attacks.
Defender for Identity: Monitoring lateral movement and AD/Entra ID threats.
Azure Infrastructure Security:
Utilize Microsoft Defender for Cloud to maintain cloud security posture (CSPM) and protect workloads (CWPP) across subscriptions.
Automation & Orchestration:
Build and maintain Sentinel Playbooks (Logic Apps) to automate repetitive remediation tasks and reduce Mean Time to Respond (MTTR).
Identity Security:
Monitor Microsoft Entra ID (formerly Azure AD) for risky sign-ins, manage Conditional Access policy triggers, and oversee Privileged Identity Management (PIM) alerts.
Technical Requirements
SIEM/SOAR:
Expert-level experience with Microsoft Sentinel and KQL.
Cloud Platform:
Strong hands-on experience with Azure Security Center / Defender for Cloud.
M365 Suite:
Deep knowledge of the Microsoft 365 Defender portal and Purview (for data loss prevention).
Identity:
Proficiency in Microsoft Entra ID, including Identity Protection and Governance.
Scripting:
Ability to automate tasks using PowerShell or Python.
Network Security:
Understanding of Azure Firewall, NSGs, and WAF logs.
Preferred Certifications
AZ-500:
Microsoft Azure Security Technologies.
SC-200:
Microsoft Security Operations Analyst.
SC-300:
Microsoft Identity and Access Administrator.
Preferred Soft Skills
Strong analytical mindset with a focus on "connecting the dots" between disparate alerts.
Excellent communication skills for documenting incidents and collaborating with DevOps/Infrastructure teams.
Ability to work in a 24/7 rotational environment if required.