Wintrio LLC Microsoft Sentinel Detection Engineer / KQL Engineer Remote · Full time Company website

About Wintrio LLC

WINTrio is an 8(a) and HUBZone organization with a successful record of delivering high-quality technical and professional services to federal and commercial customers including USCIS and Walmart. WINTrio manages and improves overall performance through IT Modernization practices. Our team of seasoned Cyber Security, Cloud/DevSecOps, software, and Support Experts helps your organization secure its digital environment with innovative and bleeding-edge technology solutions based on best practices and approved industry standards. We deliver a 360-degree spectrum of Systems Integration services from Inception to Project Delivery. At WINTrio we provide tailored customized services to meet all your business needs.

Description

Microsoft Sentinel Detection Engineer / KQL Engineer 

Company Overview 

WINTrio LLC (WINTrio) is a leading provider of Cyber/DevSecOps, Cloud, Artificial Intelligence (AI)/Machine Learning (ML), and Agile Software Development solutions. We collaborate closely with federal and commercial clients to solve complex technical challenges by delivering innovative, agile, and cost-effective solutions. Our team is empowered to think creatively and deliver impactful results that drive measurable value. 


Role: Microsoft Sentinel Detection Engineer / KQL Engineer 

Location: Remote, with occasional client support as required 

Client: Long-term Federal/Public Sector 

Work Authorization: US Citizen or Green Card preferred; must be able to pass federal background and suitability requirements. 

Job Summary: 

As a Microsoft Sentinel Detection Engineer / KQL Engineer, you will design, tune, and maintain detection content, Sentinel workbooks, analytics rules, KQL queries, automation rules, and dashboards for a federal client’s security operations environment. 

Key Responsibilities: 

  • Design and configure Microsoft Sentinel analytics rules, workbooks, dashboards, watchlists, and hunting queries.  
  • Tune existing detections to reduce false positives and improve signal quality.  
  • Develop KQL queries for identity, endpoint, network, cloud, email, GitHub, SQL, and backup monitoring.  
  • Align detection use cases to MITRE ATT&CK and federal monitoring priorities.  
  • Build dashboards for technical teams and executive stakeholders.  
  • Support ingestion validation, schema mapping, normalization, and log source onboarding.  
  • Collaborate with SOC analysts to convert recurring investigation patterns into repeatable detections.  
  • Support automation development using Sentinel automation rules, Microsoft Defender XDR, and Logic Apps.  
  • Document detection logic, playbooks, data dependencies, and tuning rationale.  

Required Qualifications: 

  • Bachelor’s degree in Cybersecurity, Computer Science, Data Analytics, Information Technology, or related field.  
  • 5+ years of SIEM engineering, detection engineering, SOC content development, or cyber analytics experience.  
  • Strong hands-on Microsoft Sentinel and KQL experience.  
  • Experience building dashboards, workbooks, analytics rules, watchlists, and hunting queries.  
  • Experience with Microsoft Defender XDR, MDE, MDI, Entra ID, and Azure Log Analytics.  
  • Strong understanding of MITRE ATT&CK, incident detection, and detection-as-code principles.  

Tools and Preferred Qualifications: 

  • Microsoft Sentinel, KQL, Defender XDR, Logic Apps, Azure Monitor, Log Analytics.  
  • GitHub, AWS logs, SQL Server auditing, Proofpoint, Cisco, Checkpoint, iBoss, Veeam.  
  • SC-200, AZ-500, CISSP, GCIA, GCIH, or equivalent preferred.  

Benefits 

  • Medical, Dental, and Vision Insurance 
  • FSA & HSA options 
  • 401(k) Retirement Plan 
  • Annual Bonus & Profit Sharing 
  • Paid Time Off (PTO) & Vacation 
  • Employee Assistance Program (EAP) 
  • Life & Disability Insurance 

Why Join WINTrio? 

WINTrio is a people-first, employee-driven organization. We offer opportunities to grow across emerging technologies, program management, and business development while working on high-impact federal initiatives. 

Equal Opportunity Employer 

WINTrio LLC is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration without regard to race, color, religion, sex, gender identity, national origin, age, veteran status, or disability. 


📩 Apply Now: https://www.wintrio.com/jobs/microsoft-sentinel-detection-engineer-kql-engineer/
Salary

$10,000 - $300,000 per year