Job Description

CWS is seeking a skilled Microsoft Sentinel Engineer to manage the configuration, operation, and maintenance of Microsoft Sentinel while meeting Government requirements. The ideal candidate will have experience in designing, documenting, and optimizing Sentinel resources, as well as developing and managing SIEM rules and use cases using KQL. Additionally, the candidate will provide consultative advice on security principles, assist in project planning, participate in relevant working group meetings, and maintain standard operating procedures.

Key Tasks and Responsibilities

* Design and document Sentinel resources to meet Government requirements.

* Verify data from log sources in Sentinel based on applicable Federal guidelines.

* Develop Microsoft Sentinel SIEM rules use cases and perform rule optimization.

* Develop new Sentinel use cases, rules, correlations, and dashboards using KQL.

* Offer consultative advice on security principles and best practices related to Sentinel operations.

* Assist in the creation and maintenance of Sentinel related project plans.

* Participate in DHS SOC and Continuous Diagnostics and Mitigation (CDM) working group meetings.

* Develop and brief Sentinel project/tasking status reports at weekly staff meetings.

* Develop and maintain standard operating procedures.

* Work with Cybersecurity and other IT support teams as needed in support of Sentinel aspects of incident response.

* Configure Sentinel data connectors to meet Government data ingestion requirements.

* Develop and manage custom Sentinel data connectors.

* Design, configure, and manage custom Sentinel workbooks to meet reporting requirements.

* Design, configure, and manage Sentinel analytics rules and automation playbooks.

* Work with the team to design and implement role-based access control (RBAC) across various Sentinel resources.

Education & Experience

* Bachelor's degree (preferred).

* Minimum 10 years of overall IT experience.

* Minimum 4 years of experience in a similar role.

* Proficiency in Kusto Query Language (KQL).

* Knowledge of Azure Sentinel components and Azure Cloud Technologies.

* Familiarity with different security attack vectors and protection measures.

* Experience with Azure Sentinel SIEM platform.

* Intermediate PowerShell experience.

* Experience with Microsoft Cloud Technologies such as Azure, M365 Defender, Azure Active Directory, Exchange Online.

* Basic support experience with Networking and Storage.

* Ability to work in a dynamic environment and coordinate multiple assignments.

* Excellent communication skills - both written and verbal.

* Ability to work independently to resolve complex issues.

* Knowledge of the organization's mission.

* Experience configuring Sentinel data connectors, developing and managing custom connectors, designing and managing custom workbooks, designing and managing analytics rules and automation playbooks, and implementing RBAC across various Sentinel resources.

Certifications

* At least one of relevant industry certifications such as Microsoft Certified Security Operations Analyst, Microsoft Cybersecurity Architect Expert, Microsoft Identity and Access Administrator, or other relevant certifications.

Security Clearance

* Candidate must be a US Citizen.

* DHS Customer will perform and adjudicate customer background investigation prior to work start.

* Candidate must be eligibility for potential Top Secret or Top Secret with SCI.

* Active Top Secret Clearance (Preferred).

Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)

* Local travel within 50-mile radius of Washington, DC may be required.

* Work location in Washington DC with Telework/Remote work authorized at Customer discretion.

Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, disability, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations.

Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Aaron McClellan in Human Resources at