Senior Cybersecurity Engineer (SME)

Peraton, Washington, DC
Onsite

About The Position

Peraton is seeking a Senior Cybersecurity Engineer (SME) to support a federal customer’s Virtual Security Operations Center (vSOC) in Washington, DC. This individual will serve as the technical lead for SIEM operations, detection engineering, and advanced security analytics, leveraging Microsoft Sentinel and the Microsoft Defender security stack. The ideal candidate is a hands-on technical expert who can operate at both the engineering and operational levels, ensuring comprehensive monitoring, high-fidelity detection, and actionable intelligence across enterprise environments. This role directly supports mission-critical cybersecurity operations protecting sensitive federal data (CUI/PII/PHI/FTI) and aligns to Zero Trust and NIST-based security frameworks.

Requirements

  • Bachelor's degree and a minimum of 8 years of relevant experience; an additional 4 years of experience may be substituted in lieu of the degree.
  • Minimum of 8 years of cybersecurity experience, including 5+ years in SOC, SIEM, or detection engineering roles.
  • 3+ years of hands-on experience with Microsoft Sentinel.
  • Deep expertise in Microsoft Sentinel (analytics, KQL, data models), Microsoft Defender for Endpoint (MDE), and Microsoft Defender for Identity (MDI).
  • Strong experience with log ingestion, normalization, and schema mapping.
  • Strong experience with multi-source telemetry integration (cloud, network, endpoint).
  • Strong experience with AWS logging (CloudTrail, VPC Flow Logs).
  • Knowledge of MITRE ATT&CK framework.
  • Knowledge of SIEM/XDR integration.
  • Knowledge of log routing tools (e.g., Cribl, Logstash, Fluentd).
  • U.S. citizenship required.
  • Ability to obtain Top Secret Clearance.

Nice To Haves

  • Relevant certifications: CISSP, GCIA, GCIH, CEH, or equivalent.
  • Microsoft Security certifications (Sentinel, Defender).
  • AWS Security certifications.
  • Privacy certifications (e.g., CIPP/US, CIPM) where applicable.
  • Experience supporting Federal civilian agencies.
  • Experience supporting NIST-based frameworks (800-53, 800-61, 800-92).
  • Experience supporting Zero Trust architectures.
  • Ability to operate as both a hands-on engineer and strategic technical leader.
  • Experience building detection capabilities from the ground up.
  • Strong understanding of identity-centric security and Zero Trust principles.
  • Proven ability to optimize security operations for efficiency and cost.

Responsibilities

  • Lead Microsoft Sentinel Operations: Serve as the primary SME for Microsoft Sentinel, the enterprise SIEM platform. Design, implement, and optimize analytics rules, correlation logic, and data models. Develop advanced KQL queries, workbooks, and dashboards to support SOC operations and reporting. Ensure all monitoring and analytics align to the Microsoft Sentinel data model.
  • Drive Detection Engineering & Threat Analytics: Lead development and continuous tuning of MITRE ATT&CK-aligned detection use cases. Implement cross-domain correlation logic spanning identity, endpoint, network, and cloud telemetry. Perform and guide proactive threat hunting activities. Continuously improve detection capabilities based on threat intelligence, incident response findings, and red team and assessment results.
  • Integrate and Optimize Microsoft Security Stack: Leverage and optimize Microsoft Defender for Endpoint (MDE) for endpoint visibility and Microsoft Defender for Identity (MDI) for Active Directory and identity monitoring. Ensure all Defender telemetry is properly ingested into Sentinel, actively monitored and correlated, and optimized for detection and response.
  • Engineer Multi-Source Log Ingestion & Normalization: Lead ingestion and integration of non-Microsoft data sources, including AWS CloudTrail and VPC Flow Logs, Proofpoint email security logs, Veeam backup logs, Checkpoint and Cisco network/security logs, iBoss proxy logs, and VPN and remote access logs. Ensure all telemetry is normalized to Sentinel schema, aligned for cross-plane correlation, and optimized for detection engineering and threat hunting.
  • Ensure Data Integrity & Pipeline Health: Oversee ingestion pipelines to ensure log integrity and completeness, accurate timestamping and synchronization, and proper schema mapping and field normalization. Monitor ingestion health to identify dropped or malformed logs, latency or ingestion failures. Configure and manage log routing tools (e.g., Cribl), ensuring no data loss and preservation of original log fidelity.
  • Enable Cross-Plane Security Visibility: Implement and maintain end-to-end visibility across identity, endpoint, network, and cloud. Develop correlation strategies that map to MITRE ATT&CK techniques, support advanced threat detection, and enable full attack path analysis.
  • Deliver Operational Reporting & Dashboards: Build and maintain real-time dashboards and automated reporting within Sentinel. Provide visibility into detection performance (MTTD/MTTR), log ingestion health, threat trends and risk posture. Support delivery of operational SOC reporting, executive-level insights, and compliance and audit artifacts.
  • Mentor and Lead Technical Teams: Serve as a technical escalation point and mentor for SOC analysts (Tier I–III). Provide guidance on detection strategy, log onboarding, and security architecture improvements. Collaborate with Incident Response teams, cloud and infrastructure teams, and government stakeholders.

Benefits

  • Overtime
  • Shift differential
  • Discretionary bonus
© 2026 Teal Labs, Inc