Cyber Detection & Automation Engineer (WA) Job at CEDENT, Washington State

  • CEDENT
  • Washington State

Job Description

• Design, implement and automate high-fidelity detection rules using SIEM, EDR, and other telemetry sources (e.g. Sentinel, Defender, AWS, etc.) to improve efficiency and accuracy.

• Monitor and tune alerts to reduce false positives and improve signal-to-noise ratio.

• Regularly test and validate detection content to ensure its effectiveness and accuracy.

• Create documentation and knowledge transfer materials for detections and engineering processes.

• Perform gap analysis and continuously improve detection coverage, accuracy, and resilience.

• Design and develop security automation workflows using SOAR (Security Orchestration, Automation, and Response), primarily using Microsoft Sentinel/Logic Apps.

• Build and maintain custom integrations with SIEM, EDR, Threat Intel feeds, ticketing systems, and other SOC tools.

• Automate repetitive SOC tasks such as alert triage, enrichment, IOC lookups, and ticket creation.

• Develop dashboards or utilities to improve visibility and operational insights into SOC metrics.

• Collaborate with security operations center analysts & threat intelligence to stay ahead of evolving adversary tactics (MITRE ATT&CK-based).

• Create and update relevant runbooks, playbooks and other necessary documentation around detection rules and attacker TTPs.

• Prepare and present detailed reports on detection/automation activities, findings, and improvements to senior management.

Qualifications:

• Bachelor’s degree in cybersecurity, computer science, information technology, or related field.

• 5+ years in cybersecurity, with 3+ years specifically in detection and automation engineering.

• Proficiency in writing detection logic using KQL, SPL or other relevant query languages.

• Experience with query languages such as KQL, SPL and scripting languages (Bash, PowerShell, Python, JavaScript).

• Proficient in developing automations using SOAR platforms, specifically Microsoft Sentinel/Logic Apps.

• Understanding of SOC operations, incident response workflows, and threat detection techniques.

• Experience with RESTful APIs and integration of third-party tools.

• Experience building advanced analytics (ML) and developing AI agents/tools.

• Experience in a cloud-first or hybrid cloud environment (preferably AWS and Azure).

• Strong, practical knowledge of the MITRE ATT&CK framework, and how to map adversary behaviors to telemetry for detection design.

• Deep understanding of attacker TTPs, threat modeling, and detection methodologies.

• Familiarity with version control (Git), CI/CD pipelines, and infrastructure as code concepts.

• Experience in using security orchestration, automation, and response tools.

• Strong analytical skills to analyze large volumes of data and identify potential threats and patterns.

• The ability to effectively communicate both verbally and in writing to audiences of different technical skill levels.

• Relevant certifications such as:

  ◦ Microsoft SC-200, Azure Security Engineer Associate

  ◦ AWS Certified Security – Specialty

  ◦ GIAC (GCIA, GCTI, GDAT), CISSP, or CISM

Department: Preferred Vendors
This is a contract position
