Sr. SIEM Engineering Consultant

Everforth ECS is seeking a Sr. SIEM Engineering Consultant to join our team remotely. This position is contingent upon contract award.

 

Are you passionate about building and scaling cloud-native SIEM solutions and eager to make an immediate technical impact? Join ECS, a leading provider of cloud, AI, data, and enterprise transformation solutions. In this role, you will implement, optimize, and maintain Microsoft Sentinel environments at scale while contributing to architecture, automation, and integrations that improve security visibility, detection, and operational efficiency.

We are seeking a Sr. SIEM Engineering Consultant to join our Managed Security Services (MSSP) team. The ideal candidate has hands-on experience with Microsoft Sentinel and enjoys designing, coding, and deploying complex security monitoring and detection solutions. You will collaborate with engineering, DevOps, cloud, and client teams to deliver resilient, high-performance SIEM capabilities while maintaining visibility into threats, system health, and operational workflows.

 

Key Responsibilities:

• Design, deploy, and maintain Microsoft Sentinel environments, including Log Analytics Workspaces and data connectors.
• Build and optimize data ingestion pipelines, detection rules (analytics), queries (KQL), dashboards (Workbooks), and automation workflows.
• Write scripts, automation, and integrations (Python, PowerShell, Bash, etc.) to streamline security operations, data processing, and monitoring.
• Deploy and manage Sentinel across cloud environments, primarily Azure, with integrations into AWS, GCP, and hybrid/on-premises environments.
• Leverage automation and orchestration tools such as Terraform, Ansible, CI/CD pipelines, and infrastructure-as-code to manage deployments and operational tasks.
• Integrate Sentinel with enterprise tools such as Microsoft Defender, identity providers, firewalls, EDR platforms, and other telemetry sources.
• Monitor system health, troubleshoot ingestion and performance issues, and optimize for cost, reliability, and scalability.
• Develop and tune detection use cases aligned to threat frameworks (e.g., MITRE ATT&CK).
• Configure incident management, alert grouping, and response workflows within Sentinel.
• Implement automation and response using playbooks (Logic Apps) for alert enrichment and remediation.
• Lead design reviews, provide guidance on SIEM best practices, and support knowledge sharing across teams.
• Maintain documentation for architectures, detection logic, deployment patterns, runbooks, and operational best practices.
• Stay current with Microsoft security technologies, Sentinel features, and emerging SIEM capabilities.

 

Salary Range: $140,000 - $180,000