Azure Sentinel Cyber Security Engineer

On behalf of Sellafield, we are looking for an Azure Sentinel Cyber Security Engineer (outside IR35) for a 12 month contract based hybrid in Warrington - 2/3 days per week.

SC Clearance is an essential requirement for this role, as a minimum you must be willing & eligible to undergo checks. Please note, due to the exceptional requirements of this position (short-term nature of this role and speed at which we require a postholder in situ) preference may be given to candidates who meet all of the essential criteria and hold active security clearance.

Accountabilities
. Subject Matter Expert (SME) for log source evaluation and onboarding into Azure Sentinel
. Review existing on-premises logging configurations and recommend improvements for cloud ingestion.
. Conduct discovery and assessment of log sources, ensuring appropriate classification and prioritisation.
. Collaborate with Head of Cyber Operations and other security stakeholders to ensure accurate, consistent logging across platforms.
. Deploy and configure native and custom data connectors to support diverse log source integration.
. Maintain a standardised process for log source categorisation, enrichment, and validation.

Deliverables
. Assess, categorise, and prioritise existing log sources for migration based on telemetry value and risk
. Coordinate connector deployment, workspace configuration, and diagnostic settings with platform teams
. Configure and validate native, Syslog, API, and custom ingestion paths as needed
. Ensure key log types (eg, Windows Security, Firewall, DNS, Proxy, AD, Identity) are onboarded and actionable
. Track onboarding progress and ingestion metrics using workbooks, dashboards, and reports
. Document log schemas, ingestion frequency, source ownership, and normalization mappings

Knowledge and Experience
. Experience with Microsoft Azure security technologies, especially Azure Sentinel, Log Analytics, and Azure Monitor
. Strong understanding of common log formats (Syslog, JSON, CEF, Windows Events, etc.)
. Familiarity with cloud migration strategies and hybrid logging environments
. Strong documentation skills and attention to detail
. Experience with security frameworks such as MITRE ATT&CK, NIST, and CAF
. Ability to troubleshoot complex ingestion or parsing issues and resolve at speed

Essential Skills
. Proven experience onboarding and managing log sources in Azure Sentinel
. Hands-on experience configuring data connectors and diagnostic settings in Azure
. Solid understanding of use case development and detection engineering
. Knowledge of PowerShell, KQL (Kusto Query Language), and JSON formatting
. Familiarity with identity-related logs (Azure AD, ADFS, M365 Defender, etc.)
. Experience working in a Security Operations environment or supporting SOC functions
. Understanding of network and host-based telemetry relevant for threat detection

Desirable
. Azure certifications (SC-200, AZ-500, MS-500)
. Experience with LogRhythm SIEM Platform
. Knowledge of SOAR tools and automation (Logic Apps, Sentinel Playbooks)

Please be aware that this role can only be worked within the UK and not Overseas.

Sellafield Ltd is committed to eliminating discrimination and encouraging diversity amongst its workforce.

In applying for this role, you acknowledge the following "this role falls in scope of the Off Payroll Working in the Public Sector legislation. Any rates of payment quoted will reflect the gross rate per day for the assignment and will be subject to appropriate taxes and statutory costs. As such the payment to the intermediary and your income resulting from this contract will be different".