Senior Defender Endpoint & SIEM Security Engineer

Carex is partnering with a Financial Services industry partner to identify a Senior Security Engineer who will serve as the technical authority for the Microsoft security stack across cloud and hybrid environments. This role bridges security strategy and hands-on execution, owning detection engineering, incident response leadership, and secure architecture design while mentoring engineers and strengthening overall defensive posture.

What You’ll Do

• Lead detection engineering within the SIEM platform, including use case development, correlation rule tuning, and alert optimization.
• Own the technical strategy and architecture for Microsoft Defender for Endpoint, including policy design and advanced investigation capabilities.
• Lead and coordinate response to significant security incidents, performing root cause analysis and driving control improvements.
• Conduct proactive threat hunting across endpoints, identity platforms, and cloud environments.
• Define and maintain secure configuration standards for Azure, Microsoft 365, and hybrid infrastructure.
• Design and optimize identity security controls, including conditional access, privileged access management, and identity governance.
• Establish logging standards and enhance telemetry coverage across infrastructure, cloud, and identity systems.
• Participate in architecture and design reviews to identify security risks early and recommend practical mitigations.
• Guide vulnerability management strategy and remediation prioritization.
• Support cybersecurity audits and regulatory examinations through technical validation of control effectiveness.
• Mentor Security Engineers and contribute to the technical maturity of the security program.

• 7+ years of experience in security engineering or advanced security operations.
• Deep hands-on expertise with Microsoft Defender for Endpoint and SIEM platforms such as Microsoft Sentinel.
• Strong experience with automation and scripting, including Power Shell, Python, and KQL.
• Advanced understanding of cloud security architecture, particularly within Azure environments.
• Proven experience leading incident response efforts and conducting root cause analysis.
• Bachelor’s degree or equivalent practical experience.
• One or more relevant security certifications (AZ?500, CCSP, CISSP, or GIAC preferred).
• Ability to operate effectively in fast-paced, evolving environments while managing multiple priorities with precision.