Senior Specialist, Cybersecurity Engineering

About The Position

Requirements

• BA/BS required, advanced degree in Engineering and or related field.
• Minimum 3 years of experience in SIEM engineering, threat detection, or security operations with a focus on cloud-native platforms.
• Strong proficiency in Microsoft Sentinel, including Kusto Query Language (KQL), analytic rule creation, and custom workbook/dashboard development.
• Hands-on experience with Azure Log Analytics, ADX, and Logstash/Cribl pipelines for data ingestion and transformation.
• Demonstrated ability to create high-quality, low-noise detections aligned with adversary behaviors and threat models.
• Familiarity with log source types (Windows Event, Linux syslog, firewall, cloud-native telemetry, etc.) and their parsing requirements.
• Proficiency in scripting languages such as PowerShell or Python for data enrichment, rule testing, and automation support.
• Experience with Agile methodologies, using tools such as Jira for managing detection backlogs and sprints.
• Strong grasp of SDLC and DevSecOps practices in support of detection content lifecycle management.

Nice To Haves

• Microsoft Certified: Security Operations Analyst Associate (Sentinel).
• MITRE ATT&CK Defender (MAD), GIAC (GCIA, GCED), or similar detection engineering certifications.
• CISSP, CISM, or Microsoft Azure certifications are a plus.

Responsibilities

• Work on the development, deployment, and optimization of SIEM analytics rules, KQL-based queries, and hunting queries within Microsoft Sentinel.
• Act as the Subject Matter Expert on SIEM, ensuring efficient and secure integration of data sources and telemetry streams.
• Engineer detection logic that aligns with MITRE ATT&CK, threat modeling, and business risk prioritization to improve detection coverage and fidelity.
• Partner with incident response, threat intel, and vulnerability teams to transform intelligence and threat scenarios into actionable detection content.
• Collaborate with infrastructure and cloud teams to onboard, normalize, and validate log sources, ensuring telemetry quality and completeness.
• Create and maintain a detection engineering lifecycle framework, from hypothesis to deployment, including validation, documentation, tuning, and suppression logic.
• Optimize Azure Data Explorer (ADX) and custom enrichment data sources to support advanced correlation logic and reduce false positives.
• Develop and maintain dashboards and metrics to measure detection performance, including alert volume, false positive rate, and detection dwell time.
• Contribute to the Sentinel content roadmap and backlog management, prioritizing detections that address current and emerging threats.
• Ensure all work adheres to security governance, SDLC policies, and compliance requirements (e.g., PCI, GDPR).

Benefits

• Bonus eligibility
• Long term incentive if applicable
• Health care and other insurance benefits (for employee and family)
• Retirement benefits
• Paid holidays
• Vacation
• Sick days