Job Description
Sentinel SIEM Engineer in Annapolis, MD (Remote).
Key Skills: Azure Sentinel, Kusto Query Language/ KQL, Information Security, SOC
Note: On-site support may be required, with 72 hrs prior notice
Roles And Responsibilities
Recent experience with the administration and management of Microsoft Sentinel. Experience developing, compiling, and executing KQL queries.
Experience generating playbooks and using Azure logic apps for security orchestration, automation, and response. Experience in querying, reviewing, and providing contextual information from log data.
Proficient in the use of the M365 Office suite of tools.
The SIEM Engineer is responsible for designing, implementing, and managing the
Microsoft Sentinel SIEM solution to collect, analyze, and visualize data from various sources.
This role involves managing the SIEM environment, creating dashboards, and ensuring the effective use of SIEM capabilities to monitor, detect, and respond to security threats and to surface operational insights for consumption by the Security Analysts.
The Microsoft Sentinel SIEM Engineer will work closely with security analysts and stakeholders to optimize data intelligence and drive informed incident detection and response.
Dashboard and Visualization Development - Develop data visuals for the SOC display screens.
Design and deploy SIEM resources, including configuring analytics rules, playbooks, Azure logic apps, and data connectors, to support data collection and analysis needs.
Optimize SIEM configurations to ensure efficient data storage, retrieval, and search capabilities.
Data Collection and Integration:
Collaborate with system owners to identify available data sources and drive initiatives to ingest that system data and develop data ingestion strategies, create data inputs, and set up data source integration for various log and event data types.
Design and implement data normalization and transformation processes for consistent and accurate analysis. Develop and optimize analytics rules and alert mechanisms to proactively monitor for security threats, anomalies, and operational issues.
Configure alerts to trigger automated responses or notifications based on predefined criteria. Build custom SIEM apps and add-ons to extend functionality and support specific agency requirements.
Implement security controls and best practices to protect data stored in SIEM and ensure compliance with relevant regulations and standards. Monitor and analyze security-related events to detect and respond to potential threats.
Monitor system performance and troubleshoot data indexing, search performance, and resource utilization issues. Implement optimizations to enhance SIEM's efficiency and responsiveness.
Train other JIS SOC team members on Microsoft Sentinel best practices, usage, and administration. Create documentation for configurations, processes, and troubleshooting procedures.
Preferred Qualifications
Three (3) years’ experience with Azure Sentinel.
Three (3) years’ experience with Kusto Query Language.
One (1) year’s experience with Information Security.
Active Microsoft Security Operations Analyst Associate certification.
About Us – WinningEdge
Job search can be a painful and frustrating process. We take time to understand candidate skill sets and job search preferences and match them with our ideal clients. Our team has a combined experience of over 100 years, and we have successfully placed hundreds of candidates.