Global Analytics Engineer

Security Risk Advisors

📍Remote - Ireland

Summary

Join SRA's CyberSOC engineering team as a skilled Analytics Engineer. You will leverage your KQL expertise to craft detection logic, troubleshoot Sentinel analytics, and collaborate with the EDR analytics team. Responsibilities include designing, developing, and deploying Microsoft Sentinel analytics, maintaining custom Sentinel functions, and optimizing logging infrastructure. The ideal candidate possesses proven experience with at least one EDR platform and one SIEM solution, along with strong communication and problem-solving skills. This role offers a hybrid work environment after an initial onboarding period and includes various benefits such as health and dental insurance, a pension contribution, life insurance, annual bonuses, and access to mental health services. Evening and weekend work may be required.

Requirements

  • Bachelor’s degree in Information Technology, IT Security, Computer Science, Computer Engineering, or equivalent experience
  • Proficient in Kusto Query Language (KQL) for developing and troubleshooting Microsoft Sentinel analytics and functions
  • 1-3 years of professional experience, campus applicants are welcome
  • Punctuality and timely attendance to external client and internal stakeholder needs

Responsibilities

  • Provide operational coverage during standard business hours supporting internal defenders and analysts with:
      • Responding to inquiries related to Microsoft Sentinel analytics
      • Assisting clients with Sentinel analytics questions and troubleshooting
      • Diagnosing and resolving issues with Sentinel analytics
      • Deploying Sentinel analytics to client environments
  • Design, develop, and modify Microsoft Sentinel analytics in alignment with requests assigned by the Analytics Engineering Lead, adhering to established processes and quality standards
  • Collaborate with the Endpoint Detection and Response (EDR) analytics team to create and maintain detection rules across one or more EDR platforms, including:
      • SentinelOne
      • Microsoft Defender for Endpoint
      • CrowdStrike Falcon
  • Develop and maintain custom Sentinel functions to enhance rule coverage and search capabilities
  • Troubleshoot and resolve issues related to Sentinel analytics and custom Sentinel functions
  • Coordinate with the Content Engineering Lead to ensure logging infrastructure is optimized to support both existing and new Sentinel analytics
  • Manage the deployment lifecycle of Sentinel analytics, including initial rollout, updates, and troubleshooting deployment-related issues

Preferred Qualifications

  • Strong understanding of log source telemetry and schema structures, enabling accurate translation of use cases into high-fidelity Sentinel detection rules
  • Hands-on experience developing detection content (e.g., alerts, use cases, queries, dashboards) within a SIEM platform such as Microsoft Sentinel, Splunk, or QRadar
  • Hands-on experience with EDR platforms, including at least one of the following: CrowdStrike Falcon, SentinelOne, or Microsoft Defender for Endpoint
  • In-depth knowledge of Sentinel analytics configurations, deployment options, and best practices
  • Familiarity with Microsoft’s DevOps pipeline (training available if needed)
  • Strong written and verbal communication skills, with the ability to convey technical concepts clearly and professionally to both internal teams and clients
  • Comfortable leading meetings, demonstrating professionalism, subject matter expertise, and the ability to engage stakeholders effectively
  • Highly organized with strong attention to detail, ensuring accuracy and consistency in deliverables
  • Demonstrated passion for technology and a proactive approach to staying current with industry trends
  • Collaborative team player who also excels at working independently and managing individual responsibilities
  • Flexible and adaptable, with the ability to adjust to shifting client and project needs, including occasional extended hours when necessary

Benefits

  • Health / Dental Insurance
  • Employer matched pension contribution
  • Life Insurance / Income Protection
  • Annual performance related bonus
  • Hybrid after initial full onboarding and training period
  • Annual charitable donations to a charity of choice
  • Access to free mental health services
