StaffAttract

Microsoft Sentinel Engineer

Robert Half - Miami, FL


Job Description

We are looking for a skilled Microsoft Sentinel Engineer to design, build, and operationalize a Microsoft Sentinel Security Information and Event Management (SIEM) and SOAR solution from the ground up. This contract role is critical for establishing a modern, centralized security operations platform that ingests data from multiple sources, detects threats using advanced analytics, automates response through playbooks, and delivers actionable insights to leadership. The successful candidate will serve as the lead architect and implementer, responsible for configuring data connectors, developing custom KQL analytics rules, building automation workflows, and integrating Sentinel with existing tools and processes.

Key Responsibilities

+ Architect and deploy Microsoft Sentinel from scratch in a greenfield environment
+ Configure and optimize data connectors for the following sources:
  + Fortinet Firewall
  + Nutanix
  + Windows Servers & Endpoints
  + Microsoft 365 E5 Security
  + Veeam Backup
  + (Additional connectors as identified)
+ Develop custom KQL (Kusto Query Language) analytics rules for threat detection, anomaly detection, and hunting
+ Design and implement SOAR playbooks using Azure Logic Apps for automated investigation and response
+ Enable and tune User and Entity Behavior Analytics (UEBA)
+ Create executive-level workbooks and dashboards for leadership visibility and reporting
+ Integrate Microsoft Sentinel with the existing ticketing system for automated incident creation and orchestration
+ Establish ingestion cost controls, data retention policies, and optimization strategies
+ Develop runbooks, operational procedures, and knowledge transfer materials for the internal SOC team
+ Provide expert guidance on Sentinel best practices, scaling, and roadmap

Requirements

+ Mandatory Certifications:
  + SC-200: Microsoft Security Operations Analyst (must be current)
  + AZ-500: Microsoft Azure Security Technologies (must be current)
+ 6+ years of hands-on experience with Microsoft Sentinel and Azure security technologies
+ Strong demonstrated expertise in writing and optimizing KQL (Kusto Query Language) queries and analytics rules (candidates will be asked to provide a sample KQL rule during the interview process)
+ Proven experience deploying Sentinel in production environments, including data connector configuration, custom rule development, SOAR playbooks, UEBA, and integrations
+ Deep knowledge of Azure Logic Apps for automation and orchestration
+ Experience integrating Sentinel with third-party firewalls, backup solutions, hypervisors, and Microsoft 365 security tools
+ Solid understanding of security operations workflows, incident response processes, and SIEM/SOAR best practices

Preferred Qualifications

+ Experience in healthcare or regulated industries
+ Familiarity with Microsoft Defender suite and Entra ID integration with Sentinel
+ Prior work with MITRE ATT&CK framework mapping in analytics rules
+ Experience with Azure Data Explorer, Log Analytics workspaces, and cost management
+ Additional certifications such as SC-400 or MS-500

Technology Doesn't Change the World, People Do.®

Robert Half is the world’s first and largest specialized talent solutions firm that connects highly qualified job seekers to opportunities at great companies. We offer contract, temporary and permanent placement solutions for finance and accounting, technology, marketing and creative, legal, and administrative and customer support roles.

Robert Half works to put you in the best position to succeed. We provide access to top jobs, competitive compensation and benefits, and free online training. Stay on top of every opportunity - whenever you choose - even on the go. Download the Robert Half app and get 1-tap apply, notifications of AI-matched jobs, and much more.

All applicants applying for U.S. job openings must be legally authorized to work in the United States. Benefits are available to contract/temporary professionals, including medical, vision, dental, and life and disability insurance. Hired contract/temporary professionals are also eligible to enroll in our company 401(k) plan. Visit roberthalf.gobenefits.net for more information.

© 2025 Robert Half. An Equal Opportunity Employer. M/F/Disability/Veterans.

By clicking “Apply Now,” you’re agreeing to Robert Half’s Terms of Use and Privacy Notice.

Created: 2026-04-15
