Microsoft Sentinel Engineer Jobs (NOW HIRING)

Our Deloitte Cyber team understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful solutions to help our clients navigate the ever-changing threat landscape. Through powerful solutions and managed services that simplify complexity, we enable our clients to operate with resilience, grow with confidence, and proactively manage to secure success.

Recruiting for this role ends on 12/31/2026.

Work you'll do

As a Senior Consultant, Sentinel on the Deloitte Cyber team, you will be responsible for:

• Architecting, designing, and implementing Microsoft Sentinel, Microsoft Defender for Endpoint, and extended detection and response solutions across Azure, Amazon Web Services, and Google Cloud Platform environments
• Developing Kusto Query Language queries, functions, analytical rules, dashboards, workbooks, and automation playbooks to support monitoring, detection engineering, threat hunting, and incident response
• Supporting migrations from legacy security information and event management platforms to Microsoft Sentinel, including log onboarding, parser development, custom data source integration, log forwarder deployment, and log collection optimization
• Performing end-to-end event analysis, incident detection, escalation management, false positive tuning, and runbook-driven response activities using documented procedures and playbooks
• Implementing and maintaining advanced Microsoft Sentinel capabilities, including threat intelligence integration, user and entity behavior analytics, custom dashboards, workbook development, and third-party or software-as-a-service application connectivity
• Creating technical reports, security visualizations, operating procedures, and lifecycle documentation to support client security, operational, and business requirements

A successful candidate would possess these skills:

• Ability to work independently and collaborate as part of a team
• Effective written and verbal communication skills
• Meticulous attention to detail and quality of work product
• Ability to build and sustain professional relationships
• Ability to lead projects or workstreams
• Ability to manage and prioritize multiple tasks in a fast-paced and dynamic environment
• Strong interpersonal skills and professional demeanor
• Ability to meet deadlines
• Ability to provide clear guidance to others

The team

Our Deloitte Cyber team understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful solutions to help our clients navigate the ever-changing threat landscape. Through powerful solutions and managed services that simplify complexity, we enable our clients to operate with resilience, grow with confidence, and proactively manage to secure success.

Qualifications

Required:

• 4+ years of experience architecting, designing, and implementing Microsoft Sentinel, endpoint detection and response, or extended detection and response solutions in enterprise environments
• 4+ years of experience with security information and event management, detection engineering, log management, or security operations in Azure, Amazon Web Services, or Google Cloud Platform environments
• Experience developing Kusto Query Language queries and functions, analytical rules, dashboards, workbooks, and automation playbooks in Microsoft Sentinel
• Experience migrating from legacy security information and event management platforms to Microsoft Sentinel, including parser development, custom data source integration, and log collection or forwarder deployment
• Experience with scripting or automation tools such as PowerShell, Python, or Terraform for security operations or platform administration
• Ability to travel 50%, on average, based on the work you do and the clients and industries/sectors you serve.
• Limited immigration sponsorship may be available.

Preferred:

• Bachelor's degree in Computer Science, Cyber Security, Information Security, Engineering, or Information Technology
• Experience with threat intelligence integration, user and entity behavior analytics, or threat hunting aligned to MITRE ATT&CK
• Experience implementing Microsoft Defender XDR, Microsoft Defender products, Azure Arc, or Microsoft Sentinel pricing models
• Experience integrating native, third-party, or software-as-a-service applications with Microsoft Sentinel
• Microsoft Sentinel Ninja Training Level 400 completion
• One or more certifications such as Microsoft Certified: Security Operations Analyst Associate (SC-200), Certified Cloud Security Professional, Certificate of Cloud Security Knowledge, Certified Information Systems Security Professional, Cisco Certified Network Professional, or Cisco Certified Network Associate

The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $105,400 to $207,800.

You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.

Our Deloitte Cyber team understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful solutions to help our clients navigate the ever-changing threat landscape. Through powerful solutions and managed services that simplify complexity, we enable our clients to operate with resilience, grow with confidence, and proactively manage to secure success.

Recruiting for this role ends on 12/31/2026.

Work you'll do

As a Senior Consultant, Sentinel on the Deloitte Cyber team, you will be responsible for:

• Architecting, designing, and implementing Microsoft Sentinel, Microsoft Defender for Endpoint, and extended detection and response solutions across Azure, Amazon Web Services, and Google Cloud Platform environments
• Developing Kusto Query Language queries, functions, analytical rules, dashboards, workbooks, and automation playbooks to support monitoring, detection engineering, threat hunting, and incident response
• Supporting migrations from legacy security information and event management platforms to Microsoft Sentinel, including log onboarding, parser development, custom data source integration, log forwarder deployment, and log collection optimization
• Performing end-to-end event analysis, incident detection, escalation management, false positive tuning, and runbook-driven response activities using documented procedures and playbooks
• Implementing and maintaining advanced Microsoft Sentinel capabilities, including threat intelligence integration, user and entity behavior analytics, custom dashboards, workbook development, and third-party or software-as-a-service application connectivity
• Creating technical reports, security visualizations, operating procedures, and lifecycle documentation to support client security, operational, and business requirements

A successful candidate would possess these skills:

• Ability to work independently and collaborate as part of a team
• Effective written and verbal communication skills
• Meticulous attention to detail and quality of work product
• Ability to build and sustain professional relationships
• Ability to lead projects or workstreams
• Ability to manage and prioritize multiple tasks in a fast-paced and dynamic environment
• Strong interpersonal skills and professional demeanor
• Ability to meet deadlines
• Ability to provide clear guidance to others

The team

Our Deloitte Cyber team understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful solutions to help our clients navigate the ever-changing threat landscape. Through powerful solutions and managed services that simplify complexity, we enable our clients to operate with resilience, grow with confidence, and proactively manage to secure success.

Qualifications

Required:

• 4+ years of experience architecting, designing, and implementing Microsoft Sentinel, endpoint detection and response, or extended detection and response solutions in enterprise environments
• 4+ years of experience with security information and event management, detection engineering, log management, or security operations in Azure, Amazon Web Services, or Google Cloud Platform environments
• Experience developing Kusto Query Language queries and functions, analytical rules, dashboards, workbooks, and automation playbooks in Microsoft Sentinel
• Experience migrating from legacy security information and event management platforms to Microsoft Sentinel, including parser development, custom data source integration, and log collection or forwarder deployment
• Experience with scripting or automation tools such as PowerShell, Python, or Terraform for security operations or platform administration
• Ability to travel 50%, on average, based on the work you do and the clients and industries/sectors you serve.
• Limited immigration sponsorship may be available.

Preferred:

• Bachelor's degree in Computer Science, Cyber Security, Information Security, Engineering, or Information Technology
• Experience with threat intelligence integration, user and entity behavior analytics, or threat hunting aligned to MITRE ATT&CK
• Experience implementing Microsoft Defender XDR, Microsoft Defender products, Azure Arc, or Microsoft Sentinel pricing models
• Experience integrating native, third-party, or software-as-a-service applications with Microsoft Sentinel
• Microsoft Sentinel Ninja Training Level 400 completion
• One or more certifications such as Microsoft Certified: Security Operations Analyst Associate (SC-200), Certified Cloud Security Professional, Certificate of Cloud Security Knowledge, Certified Information Systems Security Professional, Cisco Certified Network Professional, or Cisco Certified Network Associate

The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $105,400 to $207,800.

You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.