SIEM Engineer – Microsoft Sentinel

Responsibilities: 

SIEM Engineering & Administration 

• Design, deploy, and maintain Microsoft Sentinel SIEM infrastructure. 

• Develop and optimize data connectors for log ingestion from cloud, on-prem, and hybrid sources. 

• Manage and tune analytic rules, workbooks, playbooks, and automation workflows. 

Threat Detection & Response Enablement 

• Create and refine KQL queries for custom detection use cases. 

• Collaborate with Threat Intelligence and SOC teams to operationalize threat indicators and behavioral analytics. 

• Support incident investigation through log enrichment and correlation. 

Monitoring & Performance 

• Ensure high availability and performance of Sentinel components. 

• Monitor ingestion costs and optimize data retention policies. 

• Implement health checks and alerting for SIEM infrastructure. 

Compliance & Reporting 

• Assist in generating reports for regulatory and audit requirements. 

• Maintain documentation for SIEM architecture, data flows, and detection logic. 

Collaboration & Continuous Improvement 

• Work closely with cloud, infrastructure, and application teams to onboard new log sources. 

• Stay current with Microsoft Sentinel roadmap and security best practices.

• Participate in purple team exercises and detection gap analysis. 

Qualifications: 

• 3 years of experience in SIEM engineering or security operations. 

• 2 years of hands-on experience with Microsoft Sentinel. 

• Proficiency in KQL (Kusto Query Language). 

• Strong understanding of Azure Security Center, Defender for Cloud, Log Analytics, and related services. 

• Experience with incident response, threat detection, and log management. 

• Familiarity with MITRE ATT&CK, NIST, or other security frameworks. 

• Microsoft certifications (e.g., SC-200, AZ-500). 

• Experience with Azure Logic Apps, Microsoft Defender XDR, or M365 security tools. 

• Scripting experience (PowerShell, Python) for automation. 

• Exposure to SOAR platforms and playbook development. 

Benefits:

• This is a hybrid position with on-site presence required based on business needs

• Private Medical Insurance

• Asociacion Solidarista

• Life Insurance

• Personal Day Off

Note: Only candidates with Costa Rican nationality or valid immigration status will be considered; applicants residing outside Costa Rica will not be considered, and relocation is not available