Job Description

Job Summary (MS Sentinel Engineer/SME)


- Serve as a subject matter expert (SME) in Microsoft Sentinel (Azure SIEM) within a FedRAMP environment.
- Lead and escalate complex and high-severity security incidents in a Security Operations Center (SOC) at a senior/principal level.
- Design, implement, and optimize analytics rules and detections, ensuring high-fidelity threat detection and response.
- Perform log parsing, normalization, and data quality management to enhance detection capabilities.
- Manage and optimize SIEM performance, reducing false positives/noise and improving detection accuracy.
- Develop, implement, and tune detections aligned with MITRE ATT&CK and other threat frameworks.
- Utilize automation and orchestration tools, including Sentinel playbooks and Logic Apps, to streamline response processes.
- Conduct advanced threat hunting and large-scale data analysis using KQL (Kusto Query Language).
- Integrate and manage a wide range of security tools (NGFW, IDS/IPS, EDR, AV, MS Defender Suite, Cloud Security Tools, etc.).
- Apply broad knowledge of cloud and enterprise security technologies, identity security (Entra ID), and cloud-native controls.
- Lead incident response activities, including root cause analysis (RCA) and continual improvement of detection/response processes.
- Mentor and guide SOC analysts, contributing to operational maturity and team development.
- Engage and influence technical and non-technical stakeholders with strong communication skills.
- Maintain up-to-date knowledge of evolving threats, technologies, and best practices.
- Preferred: Relevant certifications (SC-200, AZ-500, CySA+).
- 5+ years of experience in SOC, Incident Response, Azure Cloud Security.
- Remote position; no visa sponsorship; background/drug check not required.

Job Tags

Remote work, Visa sponsorship

Similar Jobs