Microsoft Sentinel Security Platform Engineer

About The Position

Requirements

• 4 years Graduation from an accredited four-year college or university with major coursework in computer science, computer information systems, software engineering, cybersecurity, or a related field.
• 2 years Two (2) years of full-time experience in software development, cloud engineering, SIEM engineering, or cybersecurity engineering.
• 2 years Two (2) years of full-time experience in software development, cloud engineering, SIEM engineering, or cybersecurity engineering.

Nice To Haves

• 3 years Three (3) or more years of hands-on technical experience with Microsoft Sentinel.
• 1 year Experience developing UEBA models, anomaly detection rules, and behavior-based analytics.
• 1 year Experience building Security Automation Playbooks (SOAR).
• 1 year Microsoft certifications such as: SC-200: Security Operations Analyst, AZ-900 / AZ-104, SC-100 / SC-300
• 1 year Experience integrating Sentinel with EDR, IAM, firewalls, and ticketing systems.
• 1 year Experience with DevOps pipelines (GitHub, Azure DevOps).
• 1 year Experience working in a government, healthcare, or regulatory environment.

Responsibilities

• Microsoft Sentinel SOAR Development (40%): Designs, develops, tests, and deploys Sentinel SOAR automation playbooks using Azure Logic Apps, Azure Functions, ARM templates, and REST APIs. Creates automated workflows for alert enrichment, triage, response actions, notification processes, and case management. Integrates Sentinel with third-party systems (EDR, IAM, ticketing systems, email gateways, firewalls, etc.) to automate security operations.
• UEBA & Analytics Engineering (30%): Develops custom UEBA detection rules, anomaly models, ML-based behavior patterns, and advanced hunting queries (KQL). Builds and maintains analytics content, data parsers, normalization rules, and entity behavior profiles. Evaluates behavioral anomalies and collaborates with cybersecurity teams to fine-tune detection logic.
• SIEM Content Development & Platform Engineering (15%): Designs and implements custom data connectors, ingestion pipelines, and data transformation logic. Creates dashboards, workbooks, hunting queries, and detection-as-code assets. Performs platform tuning to improve performance, reduce noise, and align to MITRE ATT&CK and Zero Trust principles.
• Application Development & Integration (10%): Develops supporting code modules, scripts, microservices, and helper APIs using Python, PowerShell, .NET, or similar languages. Works with DevOps pipelines, CI/CD processes, version control, and infrastructure-as-code where applicable.
• Documentation, Collaboration & Support (5%): Writes technical design documents, SOPs, architecture diagrams, and automation runbooks. Collaborates with DSHS, HHSC CISO Office, and cross-functional stakeholders on requirements, testing, and deployment. Provides Tier III support for Sentinel engineering issues and participates in after-action reviews when needed.

Benefits

• Medical insurance (with employer cost sharing)
• Life insurance
• A 401(K) plan with company match
• Flexible spending through a cafeteria plan