Job Description
Job Title: Cybersecurity Engineer
Location: Austin, TX (Onsite) Local Only
Position Type: Contract
Interview Mode: MS Teams and in-person (both)
Key Responsibilities
1. Security Automation (SOAR) Development (40%)
- Design, develop, test, and deploy Microsoft Sentinel automation playbooks using Azure Logic Apps, Azure Functions, ARM templates, and REST APIs.
- Build automated workflows for alert enrichment, investigation, response actions, notifications, and case management.
- Integrate Sentinel with third-party security and enterprise platforms such as EDR, IAM, ticketing systems, email security tools, and firewalls.
- Optimize automation for reliability, scalability, and security best practices.
2. UEBA & Analytics Engineering (30%)
- Develop advanced analytics rules, anomaly detection logic, behavioral models, and threat-hunting queries using KQL.
- Create and maintain UEBA detections, data normalization rules, and entity behavior profiles.
- Analyze behavioral anomalies and collaborate with cybersecurity teams to fine-tune detections and reduce false positives.
- Align analytics with industry frameworks such as MITRE ATT&CK.
3. SIEM Content & Platform Engineering (15%)
- Design and implement custom data connectors, ingestion pipelines, and transformation logic.
- Build dashboards, workbooks, hunting queries, and detection-as-code assets.
- Tune Sentinel performance to reduce alert noise, improve visibility, and enhance operational efficiency.
- Support Zero Trust and NIST security principles in SIEM design.
4. Application Development & Integration (10%)
- Develop supporting scripts, services, and APIs using Python, PowerShell, .NET, or similar languages.
- Work with CI/CD pipelines, source control, and infrastructure-as-code to support secure development practices.
- Support integration between Sentinel and cloud or on-premises systems.
5. Documentation, Collaboration & Support (5%)
- Create technical documentation, design artifacts, standard operating procedures, and automation runbooks.
- Collaborate with DSHS teams, the HHSC CISO Office, and cross-functional stakeholders on requirements and deployments.
- Provide Tier III engineering support and participate in post-incident reviews as needed.
Required Knowledge, Skills, and Abilities
Knowledge of:
- Microsoft Sentinel architecture, SOAR, and UEBA capabilities
- Azure services including Logic Apps, Azure Functions, Event Hubs, Key Vault, and Azure Active Directory
- Security operations processes such as incident response, threat detection, and investigation
- MITRE ATT&CK, NIST CSF, and Zero Trust concepts
- Programming and scripting languages (Python, PowerShell, KQL, C#, JavaScript, or equivalent)
- DevOps practices, CI/CD pipelines, and Git-based version control
- API integrations and JSON/YAML formats
II. CANDIDATE SKILLS AND QUALIFICATIONS
Minimum Requirements: Candidates who do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.
| Years | Required/Preferred | Experience |
|---|---|---|
| 4 | Required | Graduation from an accredited four-year college or university with major coursework in computer science, computer information systems, software engineering, cybersecurity, or a related field. |
| 2 | Required | Two (2) years of full-time experience in software development, cloud engineering, SIEM engineering, or cybersecurity engineering. |
| 3 | Preferred | Three (3) or more years of hands-on technical experience with Microsoft Sentinel. |
| 1 | Preferred | Experience developing UEBA models, anomaly detection rules, and behavior-based analytics. |
| 1 | Preferred | Experience building Security Automation Playbooks (SOAR). |
| 1 | Preferred | Microsoft certifications such as: SC-200: Security Operations Analyst, AZ-900 / AZ-104, SC-100 / SC-300 |
| 1 | Preferred | Experience integrating Sentinel with EDR, IAM, firewalls, and ticketing systems. |
| 1 | Preferred | Experience with DevOps pipelines (GitHub, Azure DevOps). |
| 1 | Preferred | Experience working in a government, healthcare, or regulatory environment. |