Microsoft Sentinel Engineer | Onsite - Austin TX


Sulthan recruiter

Dec 30, 2025, 9:19:17 AM
to Sulthan VJ
Please share your profiles to Sult...@nextgen-is.com
Please share Austin TX locals only.

Position: Software Developer 2 (537601537)

Location: Onsite - Austin TX

Duration: 6 Months

Client: Texas Health and Human Services Commission


Essential Job Functions (EJFs)

1. Microsoft Sentinel SOAR Development (40%)

· Designs, develops, tests, and deploys Sentinel SOAR automation playbooks using Azure Logic Apps, Azure Functions, ARM templates, and REST APIs.

· Creates automated workflows for alert enrichment, triage, response actions, notification processes, and case management.

· Integrates Sentinel with third-party systems (EDR, IAM, ticketing systems, email gateways, firewalls, etc.) to automate security operations.

2. UEBA & Analytics Engineering (30%)

· Develops custom UEBA detection rules, anomaly models, ML-based behavior patterns, and advanced hunting queries (KQL).

· Builds and maintains analytics content, data parsers, normalization rules, and entity behavior profiles.

· Evaluates behavioral anomalies and collaborates with cybersecurity teams to fine-tune detection logic.

3. SIEM Content Development & Platform Engineering (15%)

· Designs and implements custom data connectors, ingestion pipelines, and data transformation logic.

· Creates dashboards, workbooks, hunting queries, and detection-as-code assets.

· Performs platform tuning to improve performance, reduce noise, and align to MITRE ATT&CK and Zero Trust principles.

4. Application Development & Integration (10%)

· Develops supporting code modules, scripts, microservices, and helper APIs using Python, PowerShell, .NET, or similar languages.

· Works with DevOps pipelines, CI/CD processes, version control, and infrastructure-as-code where applicable.

5. Documentation, Collaboration & Support (5%)

· Writes technical design documents, SOPs, architecture diagrams, and automation runbooks.

· Collaborates with DSHS, HHSC CISO Office, and cross-functional stakeholders on requirements, testing, and deployment.

· Provides Tier III support for Sentinel engineering issues and participates in after-action reviews when needed.

Knowledge, Skills, and Abilities (KSAs)

Knowledge of:

· Microsoft Sentinel architecture, SOAR, and UEBA capabilities.

· Azure cloud services, Logic Apps, Azure Functions, Event Hubs, Key Vault, and Azure AD.

· Security operations processes (triage, threat detection, incident response, threat modeling).

· MITRE ATT&CK, NIST CSF, Zero Trust Architecture concepts.

· Programming and scripting languages (Python, PowerShell, KQL, C#, JavaScript, or equivalent).

· CI/CD pipelines, DevOps practices, and Git-based version control.

· API integrations and JSON/YAML structures.

Skills in:

· Building Logic App workflows and custom Sentinel automation playbooks.

· Writing complex KQL queries for analytics, hunting, and behavioral detection.

· Developing custom connectors, data maps, and parsers.

· Designing and optimizing UEBA detection models.

· Debugging SOAR workflows and resolving integration issues.

· Communicating technical information clearly to both technical and non-technical audiences.

Abilities to:

· Work independently and take ownership of complex development tasks.

· Translate security requirements into scalable technical solutions.

· Analyze threat behaviors and develop meaningful detections.

· Work collaboratively with cybersecurity, infrastructure, and application teams.

· Manage multiple work assignments and meet deadlines.

II.  CANDIDATE SKILLS AND QUALIFICATIONS

Minimum Requirements:
Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.

Years | Required/Preferred | Experience
------+--------------------+-----------
4     | Required           | Graduation from an accredited four-year college or university with major coursework in computer science, computer information systems, software engineering, cybersecurity, or a related field.
2     | Required           | Two (2) years of full-time experience in software development, cloud engineering, SIEM engineering, or cybersecurity engineering.
3     | Preferred          | Three (3) or more years of hands-on technical experience with Microsoft Sentinel.
1     | Preferred          | Experience developing UEBA models, anomaly detection rules, and behavior-based analytics.
1     | Preferred          | Experience building Security Automation Playbooks (SOAR).
1     | Preferred          | Microsoft certifications such as: SC-200: Security Operations Analyst, AZ-900 / AZ-104, SC-100 / SC-300
1     | Preferred          | Experience integrating Sentinel with EDR, IAM, firewalls, and ticketing systems.
1     | Preferred          | Experience with DevOps pipelines (GitHub, Azure DevOps).
1     | Preferred          | Experience working in a government, healthcare, or regulatory environment.
