Senior Sentinel Engineer

Summary

Join UltraViolet Cyber, a leading unified security operations company, as a Microsoft Sentinel SIEM Engineer. You will architect, deploy, and maintain Microsoft Sentinel for SIEM use cases, manage and optimize Microsoft Defender tools, and develop custom queries and automation playbooks. Collaborate with threat analysts and incident response teams, provide technical guidance on security best practices, and continuously assess the security landscape. This role requires strong technical skills, excellent communication, and client-facing abilities to deliver tailored security solutions. The ideal candidate will have 10+ years of cybersecurity experience, proven expertise with Microsoft Sentinel and Defender, and deep knowledge of KQL. UltraViolet Cyber offers a competitive salary and benefits package.

Requirements

• 10 years of SIEM experience in Splunk, Qradar, Microsoft, and comparable SIEMS
• Hands-on experience with other SIEM platforms (Splunk, IBM QRadar, Microsoft Sentinel, etc.) and integrating them with endpoint security tools
• Strong understanding of cybersecurity principles, threat detection, and SIEM management
• Experience working with Sentinel One Core EDR technology
• Proficiency in scripting and automation (Python, PowerShell, etc.)
• Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience)
• 10+ years of experience in cybersecurity in a SOC or security engineering capacity
• Proven hands-on expertise with Microsoft Sentinel and Microsoft Defender suite
• Deep knowledge of Kusto Query Language (KQL) and building custom analytics rules and workbooks in Sentinel
• Strong experience in customer-facing roles
• Experience with incident response, threat detection, and threat hunting techniques
• Strong understanding of cloud security, especially in Azure environments
• Familiarity with MITRE ATT&CK, NIST, and other security frameworks
• Experience integrating Sentinel with third-party solutions (e.g., threat intel feeds, ticketing systems)

Responsibilities

• Architect, deploy, and maintain Microsoft Sentinel for SIEM use cases including log ingestion, data normalization, and incident correlation
• Manage and optimize Microsoft Defender for Endpoint, Identity, Cloud, M65, and other Defender tools to maximize protection and visibility
• Develop custom queries, detection rules, workbooks, and automation playbooks to improve threat detection and response efficiency
• Lead the design and implementation of security monitoring, including data connectors, analytics rules, and incident automation
• Collaborate with threat analysts and incident response teams to triage, investigate, and respond to security alerts and incidents
• Provide technical guidance in security best practices, incident response procedures, and threat hunting using Microsoft security tools
• Continuously assess the security landscape and recommend improvements to policies, tools, and configurations

Preferred Qualifications

Experience with cloud security (AWS, Azure, GCP) and cloud-native SIEM solutions is a plus

Benefits

• 401(k), including an employer match of 100% of the first 3% contributed and 50% of the next 2% contributed
• Medical, Dental, and Vision Insurance (available on the 1st day of the month following your first day of employment)
• Group Term Life, Short-Term Disability, Long-Term Disability
• Voluntary Life, Hospital Indemnity, Accident, and/or Critical Illness
• Participation in the Discretionary Time Off (DTO) Program
• 11 Paid Holidays Annually