Apply now: SIEM Engineer, REMOTE Start date is ASAP for this 3 to 6 month contract position.
Job Title: SIEM Engineer
Location-Type: Fully Remote
Start Date: ASAP
Duration: Contract, 3 months firm, up to 6 months
Compensation Range: $75-80/hr W2
Benefits: Eligible for Health, Dental, Vision, and 401K
Visa Sponsorship: Not eligible for visa sponsorship
Job Description:The client is seeking a skilled SIEM Engineer to architect and build a greenfield Microsoft Sentinel environment from the ground up, integrating multi-source log feeds across on-premises, cloud, and network infrastructure.
Job Summary•Design, deploy, and scale the Microsoft Sentinel and Log Analytics Workspace architecture for high performance, optimal retention, and cost efficiency.
•Architect and implement scalable log ingestion pipelines, including data transformation, parsing at ingestion using KQL, and cost-optimization strategies such as routing to Auxiliary/Basic logs vs. Analytics logs.
•Configure and maintain Data Collection Rules (DCRs) using the Azure Monitor Agent (AMA) to collect security telemetry from Windows, Linux, and hybrid workloads.
•Build and troubleshoot native Sentinel data connectors and develop custom API integrations for third-party tools where native connectors are unavailable.
•Manage the lifecycle of security data, including exporting cold/warm data to Azure Data Lake Storage (ADLS Gen2) or Azure Storage Accounts for long-term retention and compliance.
•Develop and deploy automated response playbooks using Azure Logic Apps and Azure Function Apps (Python or PowerShell) to orchestrate incident response and enrich alert data.
•Write, tune, and maintain high-fidelity analytical rules, hunting queries, and watchlists using KQL to minimize false positives.
Minimum Requirements:•6 years of progressive enterprise security operations experience, with at least 3 years of dedicated, hands-on Microsoft Sentinel engineering and deployment.
•Deep understanding of log ingestion methodology, multi-source log feeds (on-premises, cloud, firewalls), and data orchestration principles, not just tooling.
•Proficiency with Azure Monitor, Log Analytics Workspaces, DCR/AMA architecture, and cold/warm/hot storage tiers including data lake integration.
•Strong proficiency in Azure Logic Apps and Azure Function Apps, with scripting ability in PowerShell or Python.
•Experience deploying Azure security resources using Infrastructure as Code tools such as ARM templates, Bicep, or Terraform.
•Demonstrated ability to interface cross-functionally with multiple teams to gather and onboard log sources, with strong project management and organizational skills.
•Advanced KQL proficiency for detection engineering, parsing, and threat hunting.
•Experience with additional SIEM platforms beyond Microsoft Sentinel, with the ability to apply transferable methodology.
•Familiarity with AI/ML tools applied to threat hunting, root-cause analysis, or automated incident response.
•Experience developing and presenting security metrics (MTTD, MTTR) to leadership.
•Relevant certifications such as GCIH, GCFA, GNFA, CISSP, SC-200, or SC-100.