Senior Consultant Cyber Engineering
Indexed description
Recruiting for this role ends on 7/15/2026.
Work you'll do
The position supports the SOC as an escalation point identifying and addressing potential SIEM content/level I and II engineering security concerns as this role is the first line of operational support. This role is also responsible for supporting Security application patching, content creation as requested from all stake holders, and development of process documentation.
Responsibilities by category:
Administrative
- Maintain ticket management and DevOps activity tracking to ensure accurate work intake, prioritization, and status reporting.
- Monitor and communicate Microsoft product updates; assess and advise on impacts on the environment and customers.
- Build strong stakeholder relationships and provide timely end-user support with clear follow-through and resolution documentation.
- Create and maintain process documentation (runbooks, SOPs, workflows) to support consistent execution and knowledge transfer.
- Maintain and enforce change control and peer review processes to promote quality, security, and auditability.
- Threat detection development in Microsoft Sentinel and Defender platforms sing KQL.
- Align detection rules to current and emerging threats, leveraging external threat intelligence as appropriate.
- Identify and remediate detection gaps using the MITRE ATT&CK framework, based on business risk and priorities.
- Collaborate with Cybersecurity teams (e.g., Incident Response, Threat Intelligence, Engineering) to ensure cross-team alignment and coverage.
- Develop, tune, and support analytics/detection rules, including performance monitoring and optimization.
- Develop, maintain, and optimize playbooks/notebooks, including operational reliability and performance.
- Develop, maintain, and optimize Logic Apps, including operational reliability and performance.
- Develop, maintain, and optimize workbooks and dashboards to support detection engineering and SOC visibility.
- Support reporting needs tied to threat detection outcomes, metrics, and operational insights.
- Define and document required fields per data source to enable effective detection and investigation.
- Identify and remediate high-cost/expensive detections to improve signal-to-noise ratio and manage platform consumption.
- Design, build, and support automation solutions that improve efficiency, consistency, and time-to-response across security operations.
- Maintain strong SOC partnerships and provide support for SOC inquiries related to the Azure and Microsoft Defender portals, including troubleshooting and operational guidance.
- Ability to work independently and collaborate as part of a team
- Effective written and verbal communication skills
- Meticulous attention to detail and quality of work product
- Ability to build and sustain professional relationships
- Ability to lead projects or workstreams
- Ability to manage and prioritize multiple tasks in a fast-paced and dynamic environment
- Strong interpersonal skills and professional demeanor
- Ability to meet deadlines
- Ability to provide clear guidance to others
The ~3,000 professionals in DT - US deliver services including:
- Cyber Security
- Technology Support
- Technology & Infrastructure
- Applications
- Relationship Management
- Strategy & Communications
- Project Management
- Financials
Areas of focus include:
- Risk & Compliance
- Identity & Access Management
- Data Protection
- Cyber Design
- Threat Detection
- Incident Response
- Security Architecture
- Business Partnership
- Bachelor's degree or equivalent in Computer Science, Computer Engineering, Business Administration.
- Minimum 8 years of various technology experience.
- Minimum 3 years' cyber security experience within SIEM Administration.
- Hands-on experience with Microsoft Sentinel, including building and tuning analytics rules, hunting queries, workbooks, automation, and managing the SIEM data model and workspace.
- Strong KQL proficiency for threat hunting, detection logic, investigation, and telemetry analysis.
- MS Sentinel SC-200 badge
- SOAR and automation experience, especially with Azure Logic Apps, playbooks, and integrations with ITSM or third-party APIs.
- Cloud Fundamental Certificates.
- Ability to communicate network security issues to peers and lower management.
- Hands-on experience with Linux, working knowledge of multiple Cloud environments, Azure O365, and SOC processes.
- An understanding of possible attack activities such as network probing/ scanning, DDOS, malicious code activity and possible abnormal activities, such as worms, Trojans, viruses, etc.
You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.
EA_ExpHire
RITM10703562
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search