-
malomatia

Senior Consultant - Cybersecurity

malomatia
Qatar · Full-time · Not Applicable

Job Description

We are seeking a skilled Senior Cybersecurity Consultant to join our Cybersecurity Practice as an Incident Handler within our security operations function. In this role, you will lead the detection, investigation, containment, and recovery of security incidents across enterprise and cloud environments, with a strong focus on the Microsoft security ecosystem.

Your responsibilities will center on incident handling and response, threat detection and hunting, and the day-to-day operation of Microsoft security tooling including Microsoft Defender (EDR/XDR), Microsoft Sentinel, Microsoft Purview, and Data Loss Prevention (DLP). You will drive incidents through the full response lifecycle and continuously improve detection and response capabilities.

You will work closely with SOC analysts, threat intelligence, and IT operations teams to triage alerts, lead investigations, coordinate containment and eradication, and conduct post-incident reviews. You will also tune detections, develop response playbooks, and support proactive threat hunting across the Microsoft 365 and Azure estate.

The role requires deep, hands-on operational expertise in incident response and the Microsoft security stack, strong analytical and forensic capabilities, and the ability to remain calm and decisive under pressure during active security incidents.

Responsibilities

  • Incident Handling & Response:Lead the end-to-end handling of security incidents, including detection, triage, investigation, containment, eradication, and recovery, in line with established incident response processes and SLAs.
  • Microsoft Defender (EDR/XDR):Operate, tune, and investigate using Microsoft Defender for Endpoint, Defender for Office 365, Defender for Identity, and Defender for Cloud Apps to detect and respond to threats across endpoints, identities, email, and cloud workloads.
  • Microsoft Sentinel (SIEM/SOAR):Use Microsoft Sentinel for log analysis, correlation, and automated response. Develop and tune analytic rules, KQL queries, workbooks, and SOAR playbooks to improve detection coverage and response efficiency.
  • Microsoft Purview & Data Security:Leverage Microsoft Purview for data governance, information protection, insider risk management, and compliance. Investigate data-related alerts and support data security and DLP operations.
  • Data Loss Prevention (DLP):Configure, monitor, and respond to DLP policies across Microsoft 365 and endpoints to detect and prevent unauthorized data exfiltration, and refine policies to reduce false positives.
  • Threat Hunting & Detection Engineering:Conduct proactive threat hunting across the Microsoft 365 and Azure estate, develop new detections, and continuously improve detection logic based on threat intelligence and lessons learned.
  • Forensics & Root Cause Analysis:Perform host, endpoint, and cloud-based investigations and digital forensics to determine root cause, scope, and impact of incidents, preserving evidence in line with best practices.
  • Documentation & Reporting:Produce high-quality incident reports, timelines, and post-incident reviews. Maintain runbooks and playbooks, and provide clear incident updates to internal stakeholders and clients.

Qualifications

  • Education: Bachelor’s / college degree in Computer Science, Information Security, or a related field.
  • Experience: At least 8 years of experience in cybersecurity operations, incident response, or security monitoring, with significant hands-on experience operating Microsoft security tools.
  • Certifications: Relevant professional certifications are highly desirable. These may include, but are not limited to:
    • Microsoft Security Operations Analyst (SC-200)
    • Microsoft Certified: Cybersecurity Architect (SC-100) or Information Protection (SC-400)
    • GIAC incident response / forensics (e.g., GCIH, GCFA) or equivalent
    • ISC2 (e.g., SSCP or CISSP) or CompTIA CySA+.
  • Technical Skills: Strong hands-on experience with the Microsoft security stack, including Microsoft Defender (EDR/XDR), Microsoft Sentinel, Microsoft Purview, and Microsoft 365 DLP. Proficiency with KQL for investigation and detection. Experience with EDR investigation, log analysis, SIEM/SOAR, endpoint and cloud forensics, and identity platforms (Entra ID and Active Directory). Familiarity with scripting (e.g., PowerShell) for automation is preferred.
  • Knowledge: Strong understanding of incident response methodologies and frameworks (e.g., NIST SP 800-61, SANS), the MITRE ATT&CK framework, the cyber kill chain, and modern attacker techniques. Solid grasp of cybersecurity principles including defense-in-depth, zero trust, and least privilege. Familiarity with ISO 27001 and CIS Benchmarks. Knowledge of Qatar National Information Assurance (NIA) is a plus.

Key Skills

Ranked by relevance

incident response cybersecurity cloud microsoft defender microsoft purview digital forensics active directory powershell cissp nist cis
Login to Apply
Posted
Jul 05, 2026
Type
Full-time
Level
Not Applicable
Location
Doha
Company
malomatia

Industries

IT Services IT Consulting

Categories

Information Technology

Related Jobs

3 roles aligned with this opportunity

View all jobs
View Job Details
malomatia
Related

Engineer - Cloud Security Architect

2026-07-02

Full-time
Not Applicable
Qatar
IT Services
Information Technology
View Job Details
malomatia
Related

Cloud Security Engineer

2026-07-01

Full-time
Mid-Senior
Qatar
IT Services
Information Technology
View Job Details
malomatia
Related

Senior Network Engineer

2026-07-01

Full-time
Not Applicable
Qatar
IT Services
Information Technology