Microsoft SOAR jobs in United States
cer-icon
Apply on Employer Site
company-logo

Confidential Jobs ยท 1 day ago

Microsoft SOAR

positionAustin, TX
timeContract
remoteOnsite
seniorityEntry, Mid Level
date2+ years exp

Confidential Jobs is seeking a Microsoft SOAR professional to join their team. The role involves developing and deploying Sentinel SOAR automation playbooks, creating automated workflows, and collaborating with cybersecurity teams to enhance detection logic and security operations.

Computer Software
badNo H1Bnote
Hiring Manager
Suresh K
linkedin

Responsibilities

Designs, develops, tests, and deploys Sentinel SOAR automation playbooks using Azure Logic Apps, Azure Functions, ARM templates, and REST APIs
Creates automated workflows for alert enrichment, triage, response actions, notification processes, and case management
Integrates Sentinel with third-party systems (EDR, IAM, ticketing systems, email gateways, firewalls, etc.) to automate security operations
Develops custom UEBA detection rules, anomaly models, ML-based behavior patterns, and advanced hunting queries (KQL)
Builds and maintains analytics content, data parsers, normalization rules, and entity behavior profiles
Evaluates behavioral anomalies and collaborates with cybersecurity teams to fine-tune detection logic
Designs and implements custom data connectors, ingestion pipelines, and data transformation logic
Creates dashboards, workbooks, hunting queries, and detection-as-code assets
Performs platform tuning to improve performance, reduce noise, and align to MITRE ATT&CK and Zero Trust principles
Develops supporting code modules, scripts, microservices, and helper APIs using Python, PowerShell, .NET, or similar languages
Works with DevOps pipelines, CI/CD processes, version control, and infrastructure-as-code where applicable
Writes technical design documents, SOPs, architecture diagrams, and automation runbooks
Provides Tier III support for Sentinel engineering issues and participates in after-action reviews when needed

Qualification

Microsoft SentinelAzure Logic AppsKQLPythonSOAR automationCI/CD pipelinesAPI integrationsPowerShellC#JavaScriptMITRE ATT&CKNIST CSFZero Trust ArchitectureTechnical documentationCollaboration

Required

Graduation from an accredited four-year college or university with major coursework in computer science, computer information systems, software engineering, cybersecurity, or a related field
Two (2) years of full-time experience in software development, cloud engineering, SIEM engineering, or cybersecurity engineering
Two (2) years of full-time experience in software development, cloud engineering, SIEM engineering, or cybersecurity engineering

Preferred

Three (3) or more years of hands-on technical experience with Microsoft Sentinel
Experience developing UEBA models, anomaly detection rules, and behavior-based analytics
Experience building Security Automation Playbooks (SOAR)
Microsoft certifications such as: SC-200: Security Operations Analyst, AZ-900 / AZ-104, SC-100 / SC-300
Experience integrating Sentinel with EDR, IAM, firewalls, and ticketing systems
Experience with DevOps pipelines (GitHub, Azure DevOps)
Experience working in a government, healthcare, or regulatory environment

Company

Confidential Jobs

twitter
company-logo
Confidential Jobs is operated by ExecThread, Inc. (https://execthread.com).
dateFounded in 2015
location
New York, NY, US
people-size201-500 employees
web-link
https://execthread.com

Funding

Current Stage
Growth Stage

Leadership Team

leader-logo
Amy Nelson
Managing Partner
linkedin
leader-logo
Brandon Nolan
Chief Information Security Officer
linkedin
Company data provided by crunchbase