If you need support in completing the application or if you require a different format of this document, please get in touch with at UKI.recruitment@tcs.com or call TCS London Office number 02031552100 with the subject line: “Application Support Request”. Role: Senior Security SME – Microsoft Stack Job Type: Permanent Location: Manchester Ready to utilize your knowledge of Senior Security SME? We have an exciting role for you – Senior Security SME – Microsoft Stack! Careers at TCS: It means more TCS is a purpose-led transformation company, built on belief. We do not just help businesses to transform through technology. We support them in making a meaningful difference to the people and communities they serve - our clients include some of the biggest brands in the UK and worldwide. For you, it means more to make an impact that matters, through challenging projects which demand ambitious innovation and thought leadership. Gain access to endless learning opportunities. Lead a team and their technical growth. Collaborate with customers and stakeholders. The Role As a Senior Security SME, you will take a lead role in advanced engineering work for SIEM and XDR, escalated security incident response, and advanced threat hunting. We are seeking a highly skilled and experienced L3 SME with strong engineering knowledge and deep expertise in Microsoft Sentinel and the Microsoft Defender suite (full range of XDR). As the customer is expected to their controls using other tools in this space, we expect the candidate to skill up and seamlessly expand alongside. Key Responsibilities : Security Engineering & Platform Management: Onboard and integrate new data sources into Microsoft Sentinel, ensuring accurate log ingestion and parsing. Build and manage data connectors, custom log parsers, and normalization schemas. Collaborate with cloud and infrastructure teams to onboard telemetry from endpoints, identity systems, and SaaS platforms. License Usage Monitoring & Optimization Monitor Microsoft Sentinel and Defender license consumption on an ongoing basis. Analyze and average daily ingestion volumes, ensuring alignment with the procured license limits. Recommend optimization strategies to control costs without compromising visibility or detection capabilities. Automation & Response: Design and implement automated response workflows using Sentinel playbooks (Logic Apps).Enhance response efficiency by developing SOAR integrations across security tooling. Advanced Threat Detection & Incident Response: Investigate and analyze complex security incidents escalated from L1/L2 SOC analysts. Leverage Microsoft Sentinel (SIEM) and Microsoft Defender XDR to conduct in-depth incident response .Correlate multi-source telemetry (network, endpoint, identity, cloud) to identify and contain threats. Threat Hunting & Detection Engineering: Perform proactive threat hunting using KQL within Microsoft Sentinel. Develop and fine-tune custom analytics rules, workbooks, and hunting queries. - Apply the MITRE ATT&CK framework to build coverage and improve threat visibility. Documentation & Reporting: Produce comprehensive incident reports and root cause analyses. Maintain technical documentation for use cases, configurations, response procedures, and data source onboarding. Generate regular dashboards and reports for SOC leadership and compliance stakeholders. Your Profile Key skills/knowledge/experience: Bachelor’s degree in computer science, Cybersecurity, Engineering, or a related field. Hands-on experience in cybersecurity operations. Experience with Microsoft Sentinel and Microsoft Defender suite. Strong skills in KQL (Kusto Query Language) and Security architecture and data integration, Azure and Microsoft 365 security services Experience in onboarding and managing log sources in a SIEM. Understanding of log ingestion cost management and licensing considerations in Sentinel. Familiarity with cloud-native security tools and threat intelligence integration. Scripting experience in PowerShell, Python - Desirable Skills : SC-200: Microsoft Security Operations Analyst AZ-500: Microsoft Azure Security Technologies GCIA, GCIH Strong communication skills, customer management skills, team management skills, and managing challenging cybersecurity role. Rewards & Benefits TCS is consistently voted a Top Employer in the UK and globally. Our competitive salary packages feature pension, health care, life assurance, laptop, phone, access to extensive training resources and discounts within the larger Tata network. We offer health & wellness initiatives and sports events; we are the proud sponsor of the London Marathon. Diversity, Inclusion and Wellbeing Tata Consultancy Services UK&I is committed to meeting the accessibility needs of all individuals in accordance with the UK Equality Act 2010 and the UK Human Rights Act 1998. We welcome and embrace diversity in race, nationality, ethnicity, disability, neurodiversity, gender identity, age, physical ability, gender reassignment, sexual orientation. We are a disability inclusive employer and encourage disabled people to apply for this role. As a Disability Confident Employer, we offer an interview to applicants with disabilities or long-term conditions who meet the minimum criteria for the role. Please email us at UKI.recruitment@tcs.com if you would like to opt in. If you are an applicant who needs any adjustments to the application process or interview, please contact us at UKI.recruitment@tcs.com with the subject line: “Adjustment Request” or call TCS London Office 02031552100 / 44 204 520 2575 to request an adjustment. We welcome requests prior to you completing the application and at any stage of the recruitment process. Beware of Fraudulent offers This is to notify you that TCS does not ask for any sort of payment or security deposit from candidates at any stage of the recruitment process. The firm never sends out job offers from free internet email services like Gmail, Yahoo Mail, and so on. TCS has not authorised any third-party company to collect money on their behalf. As a vigilant job seeker, beware of fraudulent recruitment activity and protect your interests! You can write to UKI.recruitment@tcs.com to report any fraudulent activity. Due to the high volume of applications, we will be unable to contact each applicant individually on the status of their application. If you have not received a direct response within 30 days, then it should be deemed unsuccessful on this occasion. Join us and do more of what matters. Apply online now.