Description
We are looking for a skilled Microsoft Sentinel Engineer to design, build, and operationalize a Microsoft Sentinel Security Information and Event Management (SIEM) and SOAR solution from the ground up. This contract role is critical for establishing a modern, centralized security operations platform that ingests data from multiple sources, detects threats using advanced analytics, automates response through playbooks, and delivers actionable insights to leadership.
The successful candidate will serve as the lead architect and implementer, responsible for configuring data connectors, developing custom KQL analytics rules, building automation workflows, and integrating Sentinel with existing tools and processes.
Key Responsibilities
Architect and deploy Microsoft Sentinel from scratch in a greenfield environment
Configure and optimize data connectors for the following sources:
Fortinet Firewall
Nutanix
Windows Servers & Endpoints
Microsoft 365 E5 Security
Veeam Backup
(Additional connectors as identified)
Develop custom KQL (Kusto Query Language) analytics rules for threat detection, anomaly detection, and hunting
Design and implement SOAR playbooks using Azure Logic Apps for automated investigation and response
Enable and tune User and Entity Behavior Analytics (UEBA)
Create executive-level workbooks and dashboards for leadership visibility and reporting
Integrate Microsoft Sentinel with the existing ticketing system for automated incident creation and orchestration
Establish ingestion cost controls, data retention policies, and optimization strategies
Develop runbooks, operational procedures, and knowledge transfer materials for the internal SOC team
Provide expert guidance on Sentinel best practices, scaling, and roadmap
Requirements
Mandatory Certifications:
SC-200: Microsoft Security Operations Analyst (must be current)
AZ-500: Microsoft Azure Security Technologies (must be current)
6+ years of hands-on experience with Microsoft Sentinel and Azure security technologies
Strong demonstrated expertise in writing and optimizing KQL (Kusto Query Language) queries and analytics rules (candidates will be asked to provide a sample KQL rule during the interview process)
Proven experience deploying Sentinel in production environments, including data connector configuration, custom rule development, SOAR playbooks, UEBA, and integrations
Deep knowledge of Azure Logic Apps for automation and orchestration
Experience integrating Sentinel with third-party firewalls, backup solutions, hypervisors, and Microsoft 365 security tools
Solid understanding of security operations workflows, incident response processes, and SIEM/SOAR best practices
Preferred Qualifications
Experience in healthcare or regulated industries
Familiarity with Microsoft Defender suite and Entra ID integration with Sentinel
Prior work with MITRE ATT&CK framework mapping in analytics rules
Experience with Azure Data Explorer, Log Analytics workspaces, and cost management
Additional certifications such as SC-400 or MS-500
Technology Doesn't Change the World, People Do.®
Robert Half is the world's first and largest specialized talent solutions firm that connects highly qualified job seekers to opportunities at great companies. We offer contract, temporary and permanent placement solutions for finance and accounting, technology, marketing and creative, legal, and administrative and customer support roles.
Robert Half works to put you in the best position to succeed. We provide access to top jobs, competitive compensation and benefits, and free online training. Stay on top of every opportunity - whenever you choose - even on the go. Download the Robert Half app (https://www.roberthalf.com/us/en/mobile-app) and get 1-tap apply, notifications of AI-matched jobs, and much more.
All applicants applying for U.S. job openings must be legally authorized to work in the United States. Benefits are available to contract/temporary professionals, including medical, vision, dental, and life and disability insurance. Hired contract/temporary professionals are also eligible to enroll in our company 401(k) plan. Visit roberthalf.gobenefits.net for more information.
© 2025 Robert Half. An Equal Opportunity Employer. M/F/Disability/Veterans. By clicking "Apply Now," you're agreeing to Robert Half's Terms of Use (https://www.roberthalf.com/us/en/terms) and Privacy Notice (https://www.roberthalf.com/us/en/privacy).