Sr. SIEM Engineering Consultant

ECS Tech Inc

3d•Remote

About The Position

Everforth ECS is seeking a Sr. SIEM Engineering Consultant to join our team remotely. This position is contingent upon contract award. Are you passionate about building and scaling cloud-native SIEM solutions and eager to make an immediate technical impact? Join ECS, a leading provider of cloud, AI, data, and enterprise transformation solutions. In this role, you will implement, optimize, and maintain Microsoft Sentinel environments at scale while contributing to architecture, automation, and integrations that improve security visibility, detection, and operational efficiency. We are seeking a Sr. SIEM Engineering Consultant to join our Managed Security Services (MSSP) team. The ideal candidate has hands-on experience with Microsoft Sentinel and enjoys designing, coding, and deploying complex security monitoring and detection solutions. You will collaborate with engineering, DevOps, cloud, and client teams to deliver resilient, high-performance SIEM capabilities while maintaining visibility into threats, system health, and operational workflows.

Requirements

Deep, hands-on expertise with Microsoft Sentinel and Azure Monitor (Log Analytics, KQL, data connectors).
Strong experience with SIEM engineering, including log ingestion, normalization, detection engineering, and incident response workflows.
Proficiency in Kusto Query Language (KQL) for detection development and data analysis.
Strong scripting and automation skills (Python, PowerShell, Bash, etc.).
Solid understanding of security operations, threat detection, and observability in distributed systems.
Experience designing, deploying, and optimizing production-scale SIEM environments.
Strong knowledge of Azure, cloud security architecture, networking, and identity systems.
Ability to mentor, guide, and influence engineering teams on SIEM and security best practices.
Outstanding verbal and written communication skills.
Willingness and ability to support domestic or international on-site engagements.
U.S. Passport required.
Must be eligible to obtain a U.S. Security Clearance.

Responsibilities

Design, deploy, and maintain Microsoft Sentinel environments, including Log Analytics Workspaces and data connectors.
Build and optimize data ingestion pipelines, detection rules (analytics), queries (KQL), dashboards (Workbooks), and automation workflows.
Write scripts, automation, and integrations (Python, PowerShell, Bash, etc.) to streamline security operations, data processing, and monitoring.
Deploy and manage Sentinel across cloud environments, primarily Azure, with integrations into AWS, GCP, and hybrid/on-premises environments.
Leverage automation and orchestration tools such as Terraform, Ansible, CI/CD pipelines, and infrastructure-as-code to manage deployments and operational tasks.
Integrate Sentinel with enterprise tools such as Microsoft Defender, identity providers, firewalls, EDR platforms, and other telemetry sources.
Monitor system health, troubleshoot ingestion and performance issues, and optimize for cost, reliability, and scalability.
Develop and tune detection use cases aligned to threat frameworks (e.g., MITRE ATT&CK).
Configure incident management, alert grouping, and response workflows within Sentinel.
Implement automation and response using playbooks (Logic Apps) for alert enrichment and remediation.
Lead design reviews, provide guidance on SIEM best practices, and support knowledge sharing across teams.
Maintain documentation for architectures, detection logic, deployment patterns, runbooks, and operational best practices.
Stay current with Microsoft security technologies, Sentinel features, and emerging SIEM capabilities.