Company Profile
Flentas helps enterprises leverage the full potential of the Cloud through consulting and implementation services. As an organization, Flentas brings strong technology expertise and hands-on experience to drive large-scale digital transformation initiatives and scale cloud operations. We serve clients globally, supported by a passionate team of experienced Solution Architects and Technology Enthusiasts.

Job Title: SecOps Engineer (L2)

Location: Pune, India (Hybrid)
Experience: 4+ Years

Role Overview

As a SecOps L2 Engineer, you will be the technical escalation point for security incidents across our Microsoft cloud estate. You will be responsible for proactive threat hunting, fine-tuning detection rules, and automating responses to safeguard our Azure infrastructure and M365 environment. This role requires a deep understanding of the Microsoft Unified Security Stack.

Key Responsibilities

  • Incident Response & Escalation: Act as the Tier 2 lead for investigating complex security alerts escalated by L1. Perform deep-dive forensics on compromised identities, endpoints, and cloud resources.
  • Sentinel Management: Manage and optimize Microsoft Sentinel (SIEM/SOAR). Write and refine Kusto Query Language (KQL) for custom detection rules, workbooks, and hunting queries.
  • M365 Security Operations: Monitor and remediate threats within Microsoft 365 Defender, including:
    • Defender for Endpoint: EDR/XDR response and vulnerability management.
    • Defender for Office 365: Investigating sophisticated phishing and BEC attacks.
    • Defender for Identity: Monitoring lateral movement and AD/Entra ID threats.
  • Azure Infrastructure Security: Utilize Microsoft Defender for Cloud to maintain cloud security posture (CSPM) and protect workloads (CWPP) across subscriptions.
  • Automation & Orchestration: Build and maintain Sentinel Playbooks (Logic Apps) to automate repetitive remediation tasks and reduce Mean Time to Respond (MTTR).
  • Identity Security: Monitor Microsoft Entra ID (formerly Azure AD) for risky sign-ins, manage Conditional Access policy triggers, and oversee Privileged Identity Management (PIM) alerts.

Technical Requirements

  • SIEM/SOAR: Expert-level experience with Microsoft Sentinel and KQL.
  • Cloud Platform: Strong hands-on experience with Azure Security Center / Defender for Cloud.
  • M365 Suite: Deep knowledge of the Microsoft 365 Defender portal and Purview (for data loss prevention).
  • Identity: Proficiency in Microsoft Entra ID, including Identity Protection and Governance.
  • Scripting: Ability to automate tasks using PowerShell or Python.
  • Network Security: Understanding of Azure Firewall, NSGs, and WAF logs.

Preferred Certifications

  • AZ-500: Microsoft Azure Security Technologies.
  • SC-200: Microsoft Security Operations Analyst.
  • SC-300: Microsoft Identity and Access Administrator.

Preferred Soft Skills

  • Strong analytical mindset with a focus on "connecting the dots" between disparate alerts.
  • Excellent communication skills for documenting incidents and collaborating with DevOps/Infrastructure teams.

  • Ability to work in a 24/7 rotational environment if required.