Global Technical Talent is a leading provider of data storage solutions, committed to innovation, sustainability, and employee development. They are seeking a Senior Security Operations Engineer with expert-level Microsoft Sentinel engineering experience to support SIEM engineering, advanced threat detection development, and security operations maturity.
Responsibilities:
- Engineer and tune Microsoft Sentinel data connectors, analytic rules, content packs, and automation playbooks
- Build KQL-based detections, custom analytics, hunting queries, and watchlists
- Manage and optimize log ingestion pipelines, including WindowsEvent, SecurityEvent, and NXLog sources
- Design and maintain SOAR automation using Logic Apps
- Migrate legacy detection and hunting workflows into Sentinel’s Threat Hunting module
- Partner with SOC and IR teams to improve signal fidelity and detection quality
- Conduct advanced threat hunting using KQL and Sentinel workbooks
- Convert threat intelligence into actionable detections
- Identify detection gaps and expand coverage across identity, endpoint, and cloud telemetry
- Review CrowdStrike IOA detections and build complementary Sentinel detections
- Integrate CrowdStrike EASM insights into detection workflows
- Support endpoint engineering related to USB security, SSH visibility, certificates, and firewall controls
- Integrate credential risk signals into Sentinel detections
- Build detections for abnormal authentication behavior and correlated identity attacks
- Provide Tier 3 engineering support for Sentinel alerts and endpoint incidents
- Support high-severity investigations requiring deep log correlation
- Produce engineering documentation, SOPs, playbooks, and runbooks
- Deliver full knowledge transfer at the conclusion of the contract
Requirements:
- Extensive hands-on Microsoft Sentinel engineering experience
- Strong proficiency in KQL
- Experience building analytic rules, hunting queries, SOAR playbooks, and SIEM data models
- Hands-on experience with CrowdStrike Falcon (EDR, IOA, EASM, firewall)
- Strong understanding of MITRE ATT&CK and modern detection engineering practices
- Broad troubleshooting skills across Windows, Linux, identity, and cloud environments
- Experience migrating legacy SIEM workflows into Sentinel
- Experience with identity risk and credential monitoring tools
- Scripting experience with PowerShell or Python
- Experience supporting OT, factory, or production environments