Microsoft Sentinel Security Platform Engineer

Allied Consultants, Inc is a proudly Austin based firm with over 34 years of experience delivering top-tier technical and business professionals within Texas State Agencies. We are currently seeking an experience Microsoft Sentinel Security Platform Engineer to play a key role within a high-impact technical services team.

At Allied Consultants, we value our consultants and are committed to providing an exceptional experience including:

• Highly competitive pay rates
• Local support staff for responsive, personal service
• Comprehensive benefits package, including:
  • Medical insurance (with employer cost sharing)
  • Life insurance
  • A 401(K) plan with company match
  • Flexible spending through a cafeteria plan

Candidates selected for interviews will be subject to a criminal background check and may be required to pass a drug screening, in compliance with federal and state regulations. All offers of employment are contingent upon successful completion of these checks.

Allied Consultants is a proud to be an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.

**Location of job: Onsite. Candidates MUST be local to Austin, TX**

Essential Job Functions (EJFs)

1. Microsoft Sentinel SOAR Development (40%)

• • Designs, develops, tests, and deploys Sentinel SOAR automation playbooks using Azure Logic Apps, Azure Functions, ARM templates, and REST APIs.
  • Creates automated workflows for alert enrichment, triage, response actions, notification processes, and case management.
  • Integrates Sentinel with third-party systems (EDR, IAM, ticketing systems, email gateways, firewalls, etc.) to automate security operations.

2. UEBA & Analytics Engineering (30%)

• • Develops custom UEBA detection rules, anomaly models, ML-based behavior patterns, and advanced hunting queries (KQL).
  • Builds and maintains analytics content, data parsers, normalization rules, and entity behavior profiles.
  • Evaluates behavioral anomalies and collaborates with cybersecurity teams to fine-tune detection logic.

3. SIEM Content Development & Platform Engineering (15%)

• • Designs and implements custom data connectors, ingestion pipelines, and data transformation logic.
  • Creates dashboards, workbooks, hunting queries, and detection-as-code assets.
  • Performs platform tuning to improve performance, reduce noise, and align to MITRE ATT&CK and Zero Trust principles.

4. Application Development & Integration (10%)

• • Develops supporting code modules, scripts, microservices, and helper APIs using Python, PowerShell, .NET, or similar languages.
  • Works with DevOps pipelines, CI/CD processes, version control, and infrastructure-as-code where applicable.

5. Documentation, Collaboration & Support (5%)

• • Writes technical design documents, SOPs, architecture diagrams, and automation runbooks.
  • Collaborates with DSHS, HHSC CISO Office, and cross-functional stakeholders on requirements, testing, and deployment.
  • Provides Tier III support for Sentinel engineering issues and participates in after-action reviews when needed.

Knowledge, Skills, and Abilities (KSAs)

Knowledge of:

• Microsoft Sentinel architecture, SOAR, and UEBA capabilities.
• Azure cloud services, Logic Apps, Azure Functions, Event Hubs, Key Vault, and Azure AD.
• Security operations processes (triage, threat detection, incident response, threat modeling).
• MITRE ATT&CK, NIST CSF, Zero Trust Architecture concepts.
• Programming and scripting languages (Python, PowerShell, KQL, C#, JavaScript, or equivalent).
• CI/CD pipelines, DevOps practices, and Git-based version control.
• API integrations and JSON/YAML structures.

Skills in:

• Building Logic App workflows and custom Sentinel automation playbooks.
• Writing complex KQL queries for analytics, hunting, and behavioral detection.
• Developing custom connectors, data maps, and parsers.
• Designing and optimizing UEBA detection models.
• Debugging SOAR workflows and resolving integration issues.
• Communicating technical information clearly to both technical and non-technical audiences.

Abilities to:

• Work independently and take ownership of complex development tasks.
• Translate security requirements into scalable technical solutions.
• Analyze threat behaviors and develop meaningful detections.
• Work collaboratively with cybersecurity, infrastructure, and application teams.
• Manage multiple work assignments and meet deadlines.