Azure Data Explorer Administrator

Job Role: Azure Data Explorer Administrator

Location: Bellevue HQ or Overland Park onsite 4 days a week

Duration: 12 Months

Headcount: 2

Work Required

• Review and validate the **Azure Data Explorer (ADX)** architecture to ensure scalability, resiliency, and performance. Recommend and implement approved changes to cluster sizing, partitioning strategies, and cache policies.
• Ensure integration of data pipelines such as Vector, Event Hubs, Azure Blob, Cribl, NiFI ensuring high throughput and fault tolerance.
• Develop and maintain Kusto Query Language (KQL) functions, materialized views, and time-series optimizations to support advanced querying and SIEM use cases.
• Ensure all data ingestion flows are monitored end-to-end, with alerting and logging for failures, latency issues, or schema mismatches.
• Build and maintain data quality monitoring dashboards to identify missing, delayed, malformed, or duplicate events, and proactively address anomalies.
• Implement and document data normalization practices, including alignment with schema standards like OCSF when applicable.
• Configure and maintain role-based access control (RBAC) and ensure compliance with corporate data governance and security standards.
• Provide cost visibility and optimization strategies, including usage tracking, retention tuning, and query performance analysi

Overview

We need two Azure Data Explorer Administrators to ensure ADX is deployed, configured, and optimized as the core log analytics and SIEM data platform. These individuals will be responsible for implementing and tuning ingestion pipelines from multiple sources, optimizing data structures and queries for performance, and establishing robust monitoring for ingestion failures, data anomalies, and operational health. Their expertise will be critical in ensuring the reliability, scalability, and security of ADX in support of a modern, cloud-native SIEM modernization initiative.