Sr. SIEM Engineering Consultant

Job Description Everforth ECS is seeking a Sr. SIEM Engineering Consultant to join our team remotely. This position is contingent upon contract award. Are you passionate about building and scaling cloud-native SIEM solutions and eager to make an immediate technical impact? Join ECS, a leading provider of cloud, AI, data, and enterprise transformation solutions. In this role, you will implement, optimize, and maintain Microsoft Sentinel environments at scale while contributing to architecture, automation, and integrations that improve security visibility, detection, and operational efficiency. We are seeking a Sr. SIEM Engineering Consultant to join our Managed Security Services (MSSP) team. The ideal candidate has hands-on experience with Microsoft Sentinel and enjoys designing, coding, and deploying complex security monitoring and detection solutions. You will collaborate with engineering, DevOps, cloud, and client teams to deliver resilient, high-performance SIEM capabilities while maintaining visibility into threats, system health, and operational workflows.

Key Responsibilities:

Design, deploy, and maintain Microsoft Sentinel environments, including Log Analytics Workspaces and data connectors. Build and optimize data ingestion pipelines, detection rules (analytics), queries (KQL), dashboards (Workbooks), and automation workflows. Write scripts, automation, and integrations (Python, PowerShell, Bash, etc.) to streamline security operations, data processing, and monitoring. Deploy and manage Sentinel across cloud environments, primarily Azure, with integrations into AWS, Google Cloud Platform, and hybrid/on-premises environments. Leverage automation and orchestration tools such as Terraform, Ansible, CI/CD pipelines, and infrastructure-as-code to manage deployments and operational tasks. Integrate Sentinel with enterprise tools such as Microsoft Defender, identity providers, firewalls, EDR platforms, and other telemetry sources. Monitor system health, troubleshoot ingestion and performance issues, and optimize for cost, reliability, and scalability. Develop and tune detection use cases aligned to threat frameworks (e.g., MITRE ATT&CK). Configure incident management, alert grouping, and response workflows within Sentinel. Implement automation and response using playbooks (Logic Apps) for alert enrichment and remediation. Lead design reviews, provide guidance on SIEM best practices, and support knowledge sharing across teams. Maintain documentation for architectures, detection logic, deployment patterns, runbooks, and operational best practices. Stay current with Microsoft security technologies, Sentinel features, and emerging SIEM capabilities.

Salary Range:

$140,000 - $180,000 Required Skills Deep, hands-on expertise with Microsoft Sentinel and Azure Monitor (Log Analytics, KQL, data connectors). Strong experience with SIEM engineering, including log ingestion, normalization, detection engineering, and incident response workflows. Proficiency in Kusto Query Language (KQL) for detection development and data analysis. Strong scripting and automation skills (Python, PowerShell, Bash, etc.). Solid understanding of security operations, threat detection, and observability in distributed systems. Experience designing, deploying, and optimizing production-scale SIEM environments. Strong knowledge of Azure, cloud security architecture, networking, and identity systems. Ability to mentor, guide, and influence engineering teams on SIEM and security best practices. Outstanding verbal and written communication skills. Willingness and ability to support domestic or international on-site engagements. U.S. Passport required. Must be eligible to obtain a U.S. Security Clearance. Desired Skills Experience with other SIEM platforms such as Splunk, Elastic, or QRadar. Familiarity with the Elastic Stack (Elasticsearch, Kibana, Logstash, Beats, Fleet). Experience with Microsoft security ecosystem (Defender for Endpoint, Defender for Cloud, Entra ID, etc.). Experience with containerization and orchestration (Kubernetes, Docker, OpenShift). Experience with automation/orchestration tools (Terraform, Ansible, CI/CD pipelines). Familiarity integrating SIEM platforms with endpoint telemetry and cloud-native services. Certifications (preferred):

Microsoft Certified:

Security Operations Analyst Associate (SC-200)

Microsoft Certified:

Azure Security Engineer Associate (AZ-500)

Microsoft Certified:

Azure Solutions Architect Expert AWS Certified Solutions Architect or equivalent Docker Certified Associate (DCA) Certified Kubernetes Administrator (CKA)

HashiCorp Certified:

Terraform Associate Red Hat Certified Specialist in Ansible Automation Elastic Certified Engineer / Elastic Security Engineer (nice to have) Prior experience in DevOps, Site Reliability Engineering, or cloud platform roles is a plus. Experience designing dashboards, detection frameworks, and large-scale security workflows.

Experience with:

Platforms:

Azure, AWS, Google Cloud Platform, GovCloud, hybrid and on-premises deployments

Containerization:

Kubernetes, Docker, OpenShift Automation:

Terraform, Ansible, CI/CD pipelines

Integrations:

SIEMs (Splunk, Elastic), endpoint/security telemetry (CrowdStrike), cloud-native services

Competing Technologies:

Splunk, OpenSearch, QRadar, ArcSight, Graylog, Datadog, Elastic Cloud alternatives #Everforth

ECS1 ECS

Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law. Everforth ECS is the federal segment of Everforth , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies. Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:

Attracting and developing top talent and high-performing teams Fostering a culture that is engaging, accountable, and mission-driven Meet the challenge. Make a difference with Everforth ECS!