Azure Sentinel Kql Jobs (NOW HIRING)

IT Security Engineer (L3)

Charleston, WV · On-site

$105K - $125K/yr

Microsoft Sentinel: KQL, data connectors, analytics rules, workbook authoring, cost management ... Azure VM and Docker Compose administration * SharePoint Online administration and Viva Connections

IT Security Engineer (L3)

Charleston, WV · Remote

$105K - $125K/yr

Microsoft Sentinel: KQL, data connectors, analytics rules, workbook authoring, cost management ... Azure VM and Docker Compose administration * SharePoint Online administration and Viva Connections

... Sentinel, AWS logging services, or similar SIEM platforms Assist with basic KQL query building and ... Microsoft Entra ID (Azure AD) AWS IAM MFA and access control Security monitoring and alert triage ...


Azure Sentinel Kql information

Salary details (chart): $61K / $103K / $129K

How much do azure sentinel kql jobs pay per year?

As of Jun 10, 2026, the average yearly pay for azure sentinel kql in the United States is $103,000.00, according to ZipRecruiter salary data. Most workers in this role earn between $72,500.00 and $122,500.00 per year, depending on experience, location, and employer.

What are some common challenges faced by professionals working with Azure Sentinel KQL, and how can they be addressed?

One common challenge for professionals using Azure Sentinel KQL is querying and interpreting large volumes of log data without queries becoming slow or expensive to run. Navigating the learning curve of KQL syntax and learning the schema of each data table (for example, which columns SigninLogs or SecurityEvent expose) can also take time. To address these challenges, filter on TimeGenerated before anything else in a query, use the has operator rather than contains for term matching, drop columns you do not need before summarizing, and start from the built-in query examples and analytics rule templates rather than from a blank editor. Participating in community forums and regularly reviewing Microsoft's official documentation for best practices also helps. Collaborating closely with security analysts and IT teams streamlines the creation of effective detection rules and incident investigations.

What are the key skills and qualifications needed to thrive as an Azure Sentinel KQL Specialist, and why are they important?

To excel as an Azure Sentinel KQL Specialist, you need expertise in security information and event management (SIEM), proficiency in Kusto Query Language (KQL), and a strong understanding of cybersecurity concepts, often supported by certifications like Microsoft Certified: Security Operations Analyst Associate (SC-200). Familiarity with Microsoft Sentinel (formerly Azure Sentinel), Log Analytics workspaces, threat intelligence tools, and incident response platforms is essential. Analytical thinking, attention to detail, and effective communication skills help specialists investigate incidents and convey findings clearly. These skills are vital for efficiently detecting, analyzing, and mitigating security threats in cloud environments.

What is the difference between Azure Sentinel Kql and Security Analyst?

Aspect | Azure Sentinel KQL | Security Analyst
Primary Role | Writing queries to analyze security data | Monitoring, investigating, and responding to security incidents
Required Skills | Proficiency in Kusto Query Language (KQL), data analysis | Security best practices, incident response, analytical skills
Work Environment | Security platforms, cloud environments, data analysis tools | Security operations centers, incident response teams
Certifications | Azure certifications, security fundamentals | CompTIA Security+, CISSP, CEH

Azure Sentinel Kql specialists focus on creating and optimizing queries within Azure Sentinel to detect threats, while Security Analysts handle broader security monitoring and incident response. Both roles require security knowledge, but KQL experts are more technical in data analysis, whereas Security Analysts have a wider security scope.

What is Azure Sentinel KQL?

Azure Sentinel KQL refers to the use of Kusto Query Language (KQL) within Microsoft Sentinel (renamed from Azure Sentinel in 2021), a cloud-native security information and event management (SIEM) solution built on top of Azure Monitor Log Analytics. KQL is the query language used to search, analyze, and visualize the log data stored in the Log Analytics workspace that backs a Sentinel deployment. Security analysts and administrators use KQL in Sentinel to write scheduled analytics rules (custom detections), run hunting queries, investigate incidents, and build workbooks. Learning KQL is essential for using the full capabilities of Sentinel in threat detection and response.
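The query below is an added example, not code from this page or from any employer listed on it. It shows the kind of custom detection the paragraph describes, written against the SigninLogs table that the Entra ID data connector populates, and it applies the performance habits mentioned above (time filter first, aggregate by a key, keep only the columns the alert needs). The one-hour window, the two thresholds and the set of failure result codes are assumptions chosen for illustration and should be tuned to the tenant.

```kql
// Added example (not part of the job listing): a scheduled-rule style
// detection for password spraying against Entra ID, using the SigninLogs
// table that the Entra ID data connector populates. The window, thresholds
// and the set of failure codes are illustrative assumptions.
let lookback = 1h;
let failure_threshold = 20;        // total failed sign-ins from one source IP
let spread_threshold = 10;         // distinct accounts tried from that IP
// Entra ID sign-in result codes: 50126 bad username/password,
// 50053 account locked, 50057 account disabled, 50055 password expired.
let failure_codes = dynamic(["50126", "50053", "50057", "50055"]);
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)     // time filter first: prunes the most data before anything else runs
    | where ResultType in (failure_codes)
    | summarize Failures = count(),
                DistinctUsers = dcount(UserPrincipalName),
                TargetUsers = make_set(UserPrincipalName, 50),
                FirstSeen = min(TimeGenerated),
                LastSeen = max(TimeGenerated)
        by IPAddress
    | where Failures >= failure_threshold and DistinctUsers >= spread_threshold;
// A successful sign-in from the same IP inside the window turns a spray
// into a probable compromise, so it raises the severity of the finding.
let successes = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | summarize CompromisedCandidates = make_set(UserPrincipalName, 50) by IPAddress;
failures
| join kind=leftouter successes on IPAddress
| extend Severity = iff(isnotempty(CompromisedCandidates), "High", "Medium")
| project IPAddress, Severity, Failures, DistinctUsers, TargetUsers,
          CompromisedCandidates, FirstSeen, LastSeen
| order by Failures desc
```

To turn this into a detection, save it as a scheduled analytics rule that runs every hour with a one-hour lookup period, map IPAddress to the IP entity and the TargetUsers set to Account entities, and alert when the query returns any rows. Keeping the time filter as the first operator matters more than anything else in the query: it is what keeps the rule cheap enough to run on the schedule the job descriptions above assume.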
Infographic: Azure Sentinel KQL job openings in the United States as of June 2026; employment types 99% full time and 1% part time; 68% on-site, 16% hybrid and 16% remote; average salary $103,000 per year ($49.50 per hour).
CMMC Security Engineer (Hybrid)

Intelligent Technical Solutions

Las Vegas, NV • Hybrid

$120K - $170K/yr

Full-time

Medical, Dental, Vision, Life, Retirement, PTO

Posted yesterday


Job description

We are seeking a CMMC Security Engineer to design and build compliant Azure and Microsoft 365 environments for our CMMC consulting clients. This is a hands-on technical role. You will provision GCC and GCC High tenants, architect network security (Azure Firewall, VPN, NSGs), configure Entra ID with Conditional Access and Privileged Identity Management, deploy Intune for endpoint management, stand up Microsoft Sentinel for SIEM/SOAR, configure Purview for data protection, and deploy Defender for Endpoint across client environments. You will work from documented SOPs and a Control-Task Tracker that maps each NIST 800-171 control to specific Azure/M365 configurations. You will also capture technical evidence (screenshots, configuration exports, audit logs) to support the compliance documentation created by our GRC Consultants.

Job Responsibilities:
  • Design and deploy CMMC-compliant enclave architectures in Azure: cloud-only (GCC/GCC High), hybrid (on-prem + GCC), and on-premises environments. Select and implement the appropriate topology (hub-spoke, segmented) based on client requirements.
  • Provision and configure Microsoft 365 GCC and GCC High tenants including initial setup, domain verification, licensing assignment, and tenant hardening.
  • Configure Microsoft Entra ID: user provisioning, Security Groups, Administrative Units, Conditional Access policies (MFA, device compliance, location-based, session controls), Privileged Identity Management (PIM), and Identity Protection risk policies.
  • Deploy and configure Microsoft Intune: device enrollment, compliance policies, configuration profiles, security baselines (CIS/STIG), BitLocker encryption with FIPS 140-2 compliance, Windows Update for Business rings, and application management via Company Portal.
  • Deploy and configure Microsoft Sentinel: Log Analytics workspace setup, data connector deployment (M365, Entra ID, Defender, Azure Activity, Firewall, NSG flow logs), KQL-based analytics rules, automation playbooks (Logic Apps), and CMMC compliance workbooks/dashboards.
  • Deploy and configure Microsoft Defender for Endpoint: device onboarding, antivirus policies, Attack Surface Reduction (ASR) rules, endpoint DLP, network protection, web content filtering, and vulnerability management.
  • Configure Microsoft Purview: sensitivity labels (CUI, FCI, Public), auto-labeling policies, DLP policies across Exchange, SharePoint, Teams, and endpoints, and information barriers where required.
  • Design and implement Azure networking: Virtual Networks, subnets, NSGs, Azure Firewall, Azure Bastion, VPN Gateway (site-to-site and point-to-site), Private Endpoints, route tables, and DDoS Protection.
  • For hybrid environments: configure Azure AD Connect (or Cloud Sync), hybrid device join, pass-through authentication or password hash sync, split DNS, and Azure Arc for on-premises server management.
  • Configure encryption across the environment: BitLocker (XTS-AES 256), FIPS 140-2 compliance mode, TLS 1.2+ enforcement, VPN encryption (IKEv2/AES-256), and Purview encryption for CUI-labeled content.
  • Execute remediation tasks from the CMMC Remediation Tracker as assigned by the GRC Consultant. Each task maps a specific NIST 800-171 control objective to an Azure/M365 configuration with step-by-step instructions.
  • Capture and organize technical evidence for each implemented control: configuration screenshots, policy exports (JSON), audit log samples, compliance reports, and test results.
  • Support incident response capability deployment: Sentinel playbook creation, automated notification workflows, and incident response procedure testing.
  • Perform client environment migrations to GCC/GCC High (tenant-to-tenant migration using BitTitan, ShareGate, or native Microsoft tools).
  • Work across 4-7 concurrent client environments at various stages of build and remediation.

Job Qualifications:
Required Technical Experience:
  • Willing to work in a hybrid setup—remotely or on-site at client locations, as required.
  • 3+ years hands-on experience administering Microsoft Azure and M365 environments in a professional capacity (not lab-only).
  • Direct experience configuring Conditional Access policies, Entra ID PIM, and identity architecture (cloud-only and hybrid with Azure AD Connect).
  • Direct experience deploying and managing Microsoft Intune for endpoint compliance, configuration profiles, security baselines, and BitLocker management.
  • Direct experience deploying Microsoft Sentinel including data connectors, KQL query writing, analytics rules, and automation playbooks.
  • Experience configuring Azure networking: VNets, NSGs, Azure Firewall or third-party NVA, VPN Gateway, and network security architecture.
  • Experience deploying Microsoft Defender for Endpoint including device onboarding, ASR rules, and vulnerability management.
  • Proficiency with PowerShell and Microsoft Graph API for automation and bulk configuration tasks.
  • Understanding of NIST SP 800-171 controls and how they map to specific Azure/M365 technical implementations.

Strongly Preferred Technical Experience:
  • Experience with Microsoft 365 GCC or GCC High environments (tenant provisioning, licensing nuances, feature differences from commercial M365).
  • Experience with tenant-to-tenant migrations (commercial to GCC/GCC High) using BitTitan MigrationWiz, ShareGate, or native Microsoft tools.
  • Experience configuring Microsoft Purview: sensitivity labels, auto-labeling, DLP policies across Exchange, SharePoint, Teams, and endpoints.
  • Experience with FIPS 140-2 configuration and DISA STIG or CIS benchmark implementation via Intune or GPO.
  • Experience supporting defense industrial base (DIB) or federal contractor IT environments.
  • Experience with Azure Arc for hybrid server management and Azure Bastion for secure remote administration.

Required Certifications:
(must hold at least two from this list):
  • Microsoft Certified: Azure Solutions Architect Expert (AZ-305) - Architecture design and decision-making.
  • Microsoft Certified: Azure Administrator Associate (AZ-104) - Core Azure resource management.
  • Microsoft Certified: Security Operations Analyst Associate (SC-200) - Sentinel, Defender, and security operations.
  • Microsoft Certified: Identity and Access Administrator Associate (SC-300) - Entra ID, Conditional Access, PIM.
  • Microsoft Certified: Information Protection and Compliance Administrator (SC-400) - Purview, DLP, sensitivity labels.
  • Microsoft Certified: Endpoint Administrator Associate (MD-102) - Intune and device management.

Preferred Certifications:
(significant advantage):
  • CompTIA Security+ (SY0-701).
  • CMMC Registered Practitioner (RP) - Understanding of CMMC framework from technical perspective.
  • Microsoft Certified: Cybersecurity Architect Expert (SC-100).
  • Microsoft 365 Certified: Administrator Expert (MS-102).
  • Certified Information Systems Security Professional (CISSP).
  • GIAC certifications (GSEC, GCIA, GCIH) - Deep security operations knowledge.

Skills & Competencies:
  • Execution-focused: ability to follow SOPs and runbooks precisely while identifying when something does not match documented steps and escalating appropriately.
  • Multi-tenant management: comfortable switching between 4-7 different client Azure/M365 environments daily without cross-contaminating configurations.
  • Documentation discipline: every configuration change is documented, every evidence artifact is captured, every deviation from the SOP is noted.
  • Troubleshooting: when Conditional Access blocks legitimate users, when Sentinel data connectors go unhealthy, or when WDAC blocks a required application, you can diagnose and resolve without waiting for escalation.
  • Security mindset: you understand why least privilege matters, why default-deny is the correct network posture, and why FIPS-validated encryption is required for CUI.
  • Clear written communication: when you find something in the client environment that does not match what the GRC Consultant scoped, you can document it clearly so the team can make decisions.

Compensation:
Pay rate ranges from $120,000.00/annum up to $170,000.00/annum and may vary by experience and location.

Benefits:
  • Medical Insurance Plan.
  • Dental & Vision.
  • Life Insurance.
  • Disability Coverage.
  • Paid Time Off (starts at 15 days per year).
  • Maternity/Paternity Leave.
  • Paid US Holiday.
  • Retirement Plan.
  • Salary Advancement/Loan.
  • Health & Wellness Program.
  • Company-paid training and certification.
  • Supplemental Life Insurance (Employee-paid).
  • Supplemental Health Plans (Employee-paid).