Job Summary
The Cyber Monitoring Platform Engineer is responsible for the design, implementation, operation, and continuous improvement of the organization’s cyber monitoring platforms, with a strong focus on Microsoft security technologies.
This role ensures that monitoring, detection, and investigation capabilities are scalable, reliable, secure, and aligned with the threat landscape and SOC operational needs.
Acting as a key technical contributor within the Cyber Defense / SOC ecosystem, the engineer works closely with Cyber Monitoring Analysts, Detection Engineers, Incident Response (CSIRT), Threat Intelligence, and external partners (e.g., MSSP) to deliver robust end-to-end monitoring capabilities across on-prem, cloud, and hybrid environments.
Key Responsibilities
Platform Engineering & Operations
* Design, deploy, and operate cyber monitoring platforms based on Microsoft Sentinel and the Microsoft Defender XDR ecosystem.
* Ensure high availability, performance, and resilience of monitoring platforms across production and preproduction environments.
* Administer and secure platform access using Azure AD / Entra ID, RBAC, and privileged access controls.
* Manage platform lifecycle activities including upgrades, patching, configuration changes, and capacity planning.
Microsoft Security Stack Ownership
* Operate and integrate the following Microsoft security solutions:
  * Microsoft Sentinel (SIEM & SOAR)
  * Microsoft Defender XDR
  * Microsoft Security Copilot
* Ensure seamless data ingestion, normalization, and correlation across the Microsoft security stack.
* Support advanced investigations by enabling cross-product visibility and XDR-driven threat hunting.
Log Management & Data Engineering
* Onboard and maintain log sources from on-prem infrastructure, Azure, M365, SaaS, and third-party security tools.
* Design and maintain log ingestion pipelines using native Microsoft connectors, APIs, and custom integrations.
* Optimize data retention, cost management, and performance within Microsoft Sentinel workspaces.
* Monitor log source health, data latency, and ingestion quality.
Automation & Infrastructure as Code
* Implement Infrastructure-as-Code (IaC) and configuration management using tools such as Terraform, ARM/Bicep, and Git-based CI/CD pipelines.
* Automate deployment and configuration of Sentinel, Defender, analytics rules, playbooks, and platform components.
* Support SOAR capabilities through Sentinel automation rules and Logic Apps.
Security Operations Enablement
* Work closely with SOC Analysts (L1/L2), Detection Engineers, and Threat Hunters to ensure platform capabilities meet operational requirements.
* Support detection engineering by enabling analytics rule deployment, tuning, and lifecycle management.
* Assist Incident Response teams with platform-level troubleshooting and advanced investigations.
* Leverage Microsoft Security Copilot to enhance investigation efficiency, detection analysis, and operational insights.
Governance, Documentation & Collaboration
* Produce and maintain technical documentation, architecture diagrams, and operational runbooks.
* Contribute to platform governance, standards, and best practices.
* Collaborate with internal stakeholders and external partners (e.g., MSSP, cloud providers).
* Participate in continuous improvement initiatives and technology roadmap discussions.
Required Technical Skills
Microsoft Security & Cloud
* Strong hands-on experience with:
  * Microsoft Sentinel
  * Microsoft Defender XDR
  * Microsoft Defender for Endpoint (MDE)
  * Microsoft Defender for Identity (MDI)
  * Microsoft Azure (subscriptions, resources, …)
  * Microsoft Security Copilot
* Solid understanding of Azure security architecture and Azure networking fundamentals.
* Experience with Azure AD / Entra ID, identity security, and access management.
SOC Technologies
* Deep understanding of SIEM/XDR concepts, SOC operations, and cyber monitoring workflows.
* Experience with detection engineering concepts and SOC use case enablement.
* Knowledge of MITRE ATT&CK and how it maps to detection and monitoring strategies.
Automation & DevSecOps
* Experience with CI/CD pipelines, Git-based workflows, and DevSecOps practices.
* Infrastructure-as-Code experience (Terraform, Bicep).
* Scripting skills (PowerShell, Python) and detection/query languages (Sigma, KQL).
Data & Platform Engineering
* Log ingestion, parsing, normalization, and data modelling concepts.
* Experience with KQL for querying, investigation, and operational monitoring.
* Understanding of data retention, cost optimization, and performance tuning in SIEM platforms.
Professional Skills
* Strong analytical and problem-solving mindset.
* Ability to operate in complex, enterprise-scale security environments.
* Clear communication skills for technical and non-technical audiences.
* Ability to work collaboratively across SOC, engineering, and incident response teams.
* Proactive, structured, and quality-driven approach.
Experience & Education
* Proven experience in Cyber Monitoring, SOC Platform Engineering, Cloud Security, or SIEM/XDR engineering roles.
* Hands-on experience operating Microsoft security platforms in production environments.
* Degree in Cybersecurity, Computer Science, Engineering, or equivalent professional experience.
* Relevant Microsoft security certifications are a strong advantage.
At Stellantis, we assess candidates based on qualifications, merit and business needs. We welcome applications from people of all gender identities, age, ethnicity, nationality, religion, sexual orientation and disability. Diverse teams will allow us to better meet the evolving needs of our customers and care for our future.
Casablanca, Casablanca-Settat, Morocco