SOC Detection Engineer: Sentinel, Defender & Automation

Direct Jobs
Bellaire, Texas 77401 United States
Posted: Jun 17, 2026
  • Full Time
  • Public Safety
  • Summary

    Job Summary

    The Information Security SOC Engineer is a hands‑on cybersecurity professional responsible for engineering, operating, and automating detection and response capabilities. The engineer designs and maintains content in Microsoft Sentinel (data connectors, analytics rules, hunting queries, workbooks), enhances protections with Microsoft Defender (Endpoint/XDR, Office 365, Identity), and builds automation using Azure Logic Apps.

    Key Responsibilities

    • Detection Engineering & SIEM Operations (Microsoft Sentinel and Rapid7): own the Sentinel content lifecycle, including data ingestion, analytic rules, KQL queries, UEBA tuning, watchlists, and dashboards; develop hunting queries and proactive threat detection logic; implement incident enrichment and correlation across multiple data sources.
    • Endpoint, Email, and Identity Protection (Microsoft Defender): engineer configurations within Microsoft Defender for Endpoint/XDR, Defender for Office 365, and Identity protection; integrate Defender alerting with Sentinel for enhanced detection correlation.
    • Automation & Orchestration (Azure Logic Apps): build, deploy, and manage Logic Apps SOAR playbooks for automated triage, enrichment, and response; implement approval flows, track automation metrics, and improve MTTR.
    • Incident Response & Collaboration: support containment, eradication, and recovery of security incidents; conduct post‑incident reviews and update detection logic and processes accordingly.
    • Runbooks, Documentation & Continuous Improvement: maintain engineering runbooks, playbooks, and process documentation; track SOC metrics and produce security operational dashboards.

    Required Qualifications & Skills

    • Bachelor's degree in Cybersecurity/IT or equivalent experience.
    • 2–4+ years in SOC, SIEM engineering, or detection/response roles.
    • Experience building automation.
    • Strong understanding of incident response and MITRE ATT&CK.
    • Experience integrating MSSP feeds and third‑party tools.
    • Certifications such as SC-200, SC-100, AZ-500, Security+, CEH.
    • Strong analytical and communication skills.
    • Team‑oriented with a positive and professional approach.

    Preferred Qualifications

    • Hands‑on experience with Microsoft Sentinel (KQL, analytics rules, workbooks, connectors).
    • Hands‑on experience with Microsoft Defender (Endpoint/XDR, Office 365, Identity).
    • Scripting experience (PowerShell, Python).
    • Experience building automation using Azure Logic Apps.

  • ABOUT THE COMPANY

    • Government Careers

    Government jobs offer stability, competitive benefits, and the chance to make a meaningful impact on your community and country.

    Whether you’re starting your career or seeking new opportunities, these roles provide pathways for growth, security, and service.

    Explore positions across a wide range of fields and take the first step toward a rewarding future in public service.

Please mention you found this employment opportunity on the CareersInGovernment.com Job Board.