Security Automation Engineer(Microsoft Sentinel / Azure SOAR)

About The Position

Requirements

• Graduation from an accredited four -year college or university with major coursework in computer science, computer information systems, software engineering, cybersecurity, or a related field.
• Two (2) years of full -time experience in software development, cloud engineering, SIEM engineering, or cybersecurity engineering.
• Two (2) years of full -time experience in software development, cloud engineering, SIEM engineering, or cybersecurity engineering.

Nice To Haves

• Three (3) or more years of hands -on technical experience with Microsoft Sentinel.
• Experience developing UEBA models, anomaly detection rules, and behavior -based analytics.
• Experience building Security Automation Playbooks (SOAR).
• Microsoft certifications such as: SC -200: Security Operations Analyst, AZ -900 / AZ -104, SC -100 / SC -300
• Experience integrating Sentinel with EDR, IAM, firewalls, and ticketing systems.
• Experience with DevOps pipelines (GitHub, Azure DevOps).
• Experience working in a government, healthcare, or regulatory environment.

Responsibilities

• Microsoft Sentinel SOAR Development (40%): Designs, develops, tests, and deploys Sentinel SOAR automation playbooks using Azure Logic Apps, Azure Functions, ARM templates, and REST APIs. Creates automated workflows for alert enrichment, triage, response actions, notification processes, and case management. Integrates Sentinel with third -party systems (EDR, IAM, ticketing systems, email gateways, firewalls, etc.) to automate security operations.
• UEBA & Analytics Engineering (30%): Develops custom UEBA detection rules, anomaly models, ML -based behavior patterns, and advanced hunting queries (KQL). Builds and maintains analytics content, data parsers, normalization rules, and entity behavior profiles. Evaluates behavioral anomalies and collaborates with cybersecurity teams to fine -tune detection logic.
• SIEM Content Development & Platform Engineering (15%): Designs and implements custom data connectors, ingestion pipelines, and data transformation logic. Creates dashboards, workbooks, hunting queries, and detection -as -code assets. Performs platform tuning to improve performance, reduce noise, and align to MITRE ATT&CK and Zero Trust principles.
• Application Development & Integration (10%): Develops supporting code modules, scripts, microservices, and helper APIs using Python, PowerShell, .NET, or similar languages. Works with DevOps pipelines, CI/CD processes, version control, and infrastructure -as -code where applicable.
• Documentation, Collaboration & Support (5%): Writes technical design documents, SOPs, architecture diagrams, and automation runbooks. Collaborates with DSHS, HHSC CISO Office, and cross -functional stakeholders on requirements, testing, and deployment. Provides Tier III support for Sentinel engineering issues and participates in after -action reviews when needed.