Technical Skills · v1

Skills & Competencies

Hands-on technical skills across the Microsoft security stack, organized by product area. Ratings reflect demonstrated delivery across lab and project work.

Proficiency key
Awareness: Understands the concept and can discuss it, e.g. knows what Insider Risk policies do and has reviewed the portal but has not configured it in production.
Foundational: Configured in a lab or followed guided steps in production, e.g. deployed a Logic App playbook from a template, ran Purview scans against M365 sources.
Practitioner: Designed and delivered end-to-end in real or production-equivalent environments, e.g. authored KQL analytic rules deployed to Sentinel, configured Conditional Access policies across MFA and device-compliance conditions.
Advanced: Delivered across multiple scenarios, can troubleshoot edge cases, and advises others, e.g. designed a full sensitivity label taxonomy with sublabels and protection actions, deployed a Sentinel workspace and connectors via a Bicep pipeline.
Expert: Deep specialist-level command; can extend, teach, and handle non-standard architectures, e.g. designs cross-pillar Zero Trust reference architectures, owns detection engineering strategy across a SOC.
Current: Proficient now — demonstrated in lab or delivery.
Developing: Actively building — hands-on experience limited.
Information Protection · DLP · Compliance · eDiscovery
Sensitivity Label Taxonomy Design: Current
Data Loss Prevention (DLP) Policy Design: Current
Auto-Labeling Policy Configuration: Current
Insider Risk Management: Developing
eDiscovery & Compliance Hold Workflows: Developing
Compliance Manager & Regulatory Mapping: Current
DSPM for AI & Data Security Posture: Developing
Purview as Code (IaC / PowerShell): Developing
Identity · Access Management · Zero Trust · Governance
Conditional Access Policy Design: Current
Privileged Identity Management (PIM): Current
Identity Governance & Entitlement Management: Current
Multi-Factor Authentication (MFA) Deployment: Current
External Identities & B2B Collaboration: Current
Zero Trust Architecture (Identity Layer): Current
Entra ID as Code (IaC / Graph API): Developing
Entra Permissions Management (CIEM): Developing
SIEM · SOAR · Detection Engineering · Threat Hunting
Workspace Architecture & Data Connector Setup: Current
KQL — Analytic Rule Authoring: Current
SOAR Playbook Development (Logic Apps): Current
Sentinel as Code (Bicep / ARM / Terraform): Current
Incident Triage & Investigation Workflows: Current
Threat Hunting (KQL / MITRE ATT&CK): Developing
SIEM Migration (Splunk / QRadar → Sentinel): Developing
Retention Tiering & Cost Optimization: Developing
Endpoint · Identity · Cloud Apps · Threat Detection & Response
Defender for Endpoint — Deployment & Config: Current
Defender for Identity — Lateral Movement Detection: Developing
Defender for Cloud Apps (CASB): Current
Defender for Office 365 — Anti-Phishing Config: Current
Microsoft Secure Score — Remediation Planning: Current
XDR Incident Correlation & Response: Current
Defender for Cloud (CSPM / CWPP): Developing
Cloud Security · IaC · DevSecOps · Posture Management
Azure Policy & Regulatory Compliance: Current
Bicep / ARM Template Authoring: Current
Azure DevOps Pipelines (CI/CD): Current
Landing Zone & Governance Design: Current
Azure Key Vault & Secrets Management: Current
Terraform (Azure Provider): Developing
GitHub Actions — Security Pipeline Automation: Current
Languages · Automation · Frameworks · Tooling
KQL (Kusto Query Language): Current
PowerShell — Security Scripting & Automation: Current
Microsoft Graph API: Current
Zero Trust Framework (NIST SP 800-207): Current
MITRE ATT&CK Framework: Current
Security Health Check & Gap Assessment: Current
Python — Security Tooling & Scripting: Developing
Regulatory Frameworks (HIPAA · NYDFS · CMMC): Current