Microsoft Sentinel / SOAR / UEBA Software Developer

Overview

On Site
Depends on Experience
Contract - W2
Contract - 12 Month(s)

Skills

Microsoft Sentinel

Job Details

Software Developer II Microsoft Sentinel / SOAR / UEBA

Location: Austin, TX (Hybrid 2 days onsite per week)
Contract: Long-Term

Eligibility Requirements

  • Must be local to the Austin, TX area and able to work onsite two days per week

  • Must be able to work on a W2 basis only (no C2C, 1099, or third-party vendors)

  • Must be eligible to work in the U.S. without sponsorship or visa transfer


Position Overview

We are seeking a Software Developer II with strong experience in Microsoft Sentinel, security automation (SOAR), and analytics engineering (UEBA). This role focuses on designing, building, and optimizing Sentinel automation playbooks, analytics rules, and integrations to support advanced security operations and threat detection.

The ideal candidate has hands-on experience with Azure services, KQL, automation workflows, and security engineering concepts, and can work independently while collaborating with cybersecurity and platform teams.


Key Responsibilities

Microsoft Sentinel SOAR Development

  • Design, develop, test, and deploy Sentinel automation playbooks using Azure Logic Apps, Azure Functions, ARM templates, and REST APIs

  • Build automated workflows for alert enrichment, triage, response actions, notifications, and case management

  • Integrate Sentinel with third-party systems (EDR, IAM, ticketing systems, email gateways, firewalls, etc.)

UEBA & Analytics Engineering

  • Develop custom UEBA detection rules, anomaly models, and behavioral analytics using KQL

  • Build and maintain analytics rules, hunting queries, normalization logic, and entity behavior profiles

  • Analyze behavioral anomalies and fine-tune detection logic with security stakeholders

SIEM Platform & Content Engineering

  • Design and implement custom data connectors, ingestion pipelines, and transformation logic

  • Build dashboards, workbooks, and detection-as-code assets

  • Tune Sentinel configurations to improve performance, reduce noise, and align with MITRE ATT&CK and Zero Trust principles

Application Development & Integration

  • Develop supporting scripts, APIs, and microservices using Python, PowerShell, .NET, or similar languages

  • Work within CI/CD pipelines, DevOps workflows, and Git-based version control

Documentation & Support

  • Produce technical documentation, architecture diagrams, SOPs, and automation runbooks

  • Provide Tier III engineering support and participate in post-incident reviews as needed


Minimum Qualifications

  • Bachelor's degree in Computer Science, Software Engineering, Cybersecurity, or a related field

  • 2+ years of experience in software development, cloud engineering, SIEM engineering, or cybersecurity engineering

  • Hands-on experience with Microsoft Sentinel, Azure services, and security operations workflows

  • Proficiency in KQL, scripting, and API-based integrations

  • Strong understanding of security operations, incident response, and threat detection concepts


Preferred Qualifications

  • 3+ years hands-on experience with Microsoft Sentinel

  • Experience building SOAR automation playbooks and UEBA detection models

  • Experience integrating Sentinel with EDR, IAM, firewalls, and ticketing platforms

  • Experience with DevOps pipelines (GitHub, Azure DevOps)

  • Familiarity with MITRE ATT&CK, NIST CSF, and Zero Trust principles

  • Microsoft certifications such as SC-200, AZ-900/AZ-104, SC-100/SC-300

  • Experience working in regulated environments (government, healthcare, or similar)

