Job Description

Job Title: Cybersecurity Engineer

Location: Austin, TX (Onsite) Local Only

Position Type: Contract

Interview Mode : MS Teams & In-person both

Key Responsibilities

1. Security Automation (SOAR) Development (40%)

• Design, develop, test, and deploy Microsoft Sentinel automation playbooks using Azure Logic Apps, Azure Functions, ARM templates, and REST APIs.
• Build automated workflows for alert enrichment, investigation, response actions, notifications, and case management.
• Integrate Sentinel with third-party security and enterprise platforms such as EDR, IAM, ticketing systems, email security tools, and firewalls.
• Optimize automation for reliability, scalability, and security best practices.

2. UEBA & Analytics Engineering (30%)

• Develop advanced analytics rules, anomaly detection logic, behavioral models, and threat-hunting queries using KQL.
• Create and maintain UEBA detections, data normalization rules, and entity behavior profiles.
• Analyze behavioral anomalies and collaborate with cybersecurity teams to fine-tune detections and reduce false positives.
• Align analytics with industry frameworks such as MITRE ATT&CK.

3. SIEM Content & Platform Engineering (15%)

• Design and implement custom data connectors, ingestion pipelines, and transformation logic.
• Build dashboards, workbooks, hunting queries, and detection-as-code assets.
• Tune Sentinel performance to reduce alert noise, improve visibility, and enhance operational efficiency.
• Support Zero Trust and NIST security principles in SIEM design.

4. Application Development & Integration (10%)

• Develop supporting scripts, services, and APIs using Python, PowerShell, .NET, or similar languages.
• Work with CI/CD pipelines, source control, and infrastructure-as-code to support secure development practices.
• Support integration between Sentinel and cloud or on-premises systems.

5. Documentation, Collaboration & Support (5%)

• Create technical documentation, design artifacts, standard operating procedures, and automation runbooks.
• Collaborate with DSHS teams, the HHSC CISO Office, and cross-functional stakeholders on requirements and deployments.
• Provide Tier III engineering support and participate in post-incident reviews as needed.

Required Knowledge, Skills, and Abilities

Knowledge of:

• Microsoft Sentinel architecture, SOAR, and UEBA capabilities
• Azure services including Logic Apps, Azure Functions, Event Hubs, Key Vault, and Azure Active Directory
• Security operations processes such as incident response, threat detection, and investigation
• MITRE ATT&CK, NIST CSF, and Zero Trust concepts
• Programming and scripting languages (Python, PowerShell, KQL, C#, JavaScript, or equivalent)
• DevOps practices, CI/CD pipelines, and Git-based version control
• API integrations and JSON/YAML formats

II. CANDIDATE SKILLS AND QUALIFICATIONS

Job Tags

Similar Jobs