Senior SIEM & SOAR Engineer - Cyber Defense Lead

Knowledge, Skills, and Abilities (KSAs)Knowledge of:Microsoft Sentinel architecture, SOAR, and UEBA capabilities.Azure cloud services, Logic Apps, Azure Functions, Event Hubs, Key Vault, and Azure AD.Security operations processes (triage, threat detection, incident response, threat modeling).MITRE ATT&CK, NIST CSF, Zero Trust Architecture concepts.Programming and scripting languages (Python, PowerShell, KQL, C#, JavaScript, or equivalent).CI/CD pipelines, DevOps practices, and Git-based version control.API integrations and JSON/YAML structures.Skills in:Building Logic App workflows and custom Sentinel automation playbooks.Writing complex KQL queries for analytics, hunting, and behavioral detection.Developing custom connectors, data maps, and parsers.Designing and optimizing UEBA detection models.Debugging SOAR workflows and resolving integration issues.Communicating technical information clearly to both technical and non-technical audiences.Abilities to:Work independently and take ownership of complex development tasks.Translate security requirements into scalable technical solutions.Analyze threat behaviors and develop meaningful detections.Work collaboratively with cybersecurity, infrastructure, and application teams.Manage multiple work assignments and meet deadlines.CANDIDATE SKILLS AND QUALIFICATIONSMinimum Requirements:Candidates that do not meet or exceed theminimumstated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.YearsRequired/PreferredExperience4RequiredGraduation from an accredited four-year college or university with major coursework in computer science, computer information systems, software engineering, cybersecurity, or a related field.2RequiredTwo (2) years of full-time experience in software development, cloud engineering, SIEM engineering, or cybersecurity engineering.2RequiredTwo (2) years of full-time experience in software development, cloud engineering, SIEM engineering, or cybersecurity engineering.3PreferredThree (3) or more years of hands-on technical experience with Microsoft Sentinel.1PreferredExperience developing UEBA models, anomaly detection rules, and behavior-based analytics.1PreferredExperience building Security Automation Playbooks (SOAR).1PreferredMicrosoft certifications such as: SC-200: Security Operations Analyst, AZ-900 / AZ-104, SC-100 / SC-3001PreferredExperience integrating Sentinel with EDR, IAM, firewalls, and ticketing systems.1PreferredExperience with DevOps pipelines (GitHub, Azure DevOps).1PreferredExperience working in a government, healthcare, or regulatory environment.J-18808-Ljbffr