We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, culture and talent experience and our ability to be compelling to our clients. You'll find an environment that inspires and empowers you to thrive both personally and professionally. There's no one like you and that's why there's nowhere like RSM.
The Defense Microsoft Sentinel Engineer will deploy, configure, and optimize Microsoft Sentinel to monitor, detect, and respond to security threats. This role involves designing SIEM workflows, developing custom analytics rules, and integrating log sources from cloud and on-premises environments. The engineer will automate incident response processes, conduct threat hunting, and ensure compliance with security best practices. Collaboration with SOC analysts, IT teams, and stakeholders is critical to enhancing organizational security posture and mitigating risks for this role.
Responsibilities:
SIEM Implementation: Configure Microsoft Sentinel workspaces, data connectors, and log analytics.
Threat Detection: Develop custom KQL queries, analytics rules, and workbooks to identify security incidents.
Incident Response: Investigate, triage, and remediate security events while documenting root causes.
Automation: Build playbooks using Azure Logic Apps or PowerShell/Python scripts to streamline workflows.
Log Integration: Ingest and normalize logs from Azure services, firewalls, endpoints, and third-party tools.
Threat Hunting: Proactively identify vulnerabilities and adversarial tactics using advanced queries.
Collaboration: Partner with SOC, network, and infrastructure teams to refine security strategies.
Documentation: Maintain runbooks, incident reports, and configuration guidelines.
Required Qualifications:
Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience).
2+ years of hands-on experience with Microsoft Sentinel, including log ingestion and KQL query development.
Proficiency in scripting languages (PowerShell, Python) for automation and custom tooling.
Knowledge of Azure security services (e.g., Azure AD, Log Analytics, Defender).
Understanding of SIEM/SOC operations, threat landscapes, and MITRE ATT&CK framework.
Strong analytical and problem-solving skills for incident investigation
Preferred Qualifications:
Certifications: Microsoft Certified: Azure Security Engineer Associate, CISSP, or GIAC certifications.
3+ years of SIEM experience, including advanced Sentinel use cases like UEBA or SOAR integration.
Expertise in Azure infrastructure (e.g., ARM templates, RBAC, Azure Policy).
Experience with threat intelligence platforms and hybrid cloud architectures.
Familiarity with compliance standards (CMMC,NIST, ISO 27001) and regulatory requirements
At RSM, we offer a competitive benefits and compensation package for all our people.We offer flexibility in your schedule, empowering you to balance life's demands, while also maintaining your ability to serve clients.Learn more about our total rewards at https://rsmus.com/careers/working-at-rsm/benefits.
All applicants will receive consideration for employment as RSM does not tolerate discrimination and/or harassment based on race; color; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender; sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the US uniformed service; US Military/Veteran status; pre-disposing g
