Microsoft Sentinel Administrator / Engineer

B5 Recruiting

Washington, DC

JOB DETAILS
SALARY
$130–$140
LOCATION
Washington, DC
POSTED
16 days ago

Job Title: Microsoft Sentinel Administrator / Engineer
Company: B5 Recruiting, LLC 
Location: Washington, DC / Hybrid
Employment Type: Full-Time

Position Overview

B5 Recruiting is seeking a Microsoft Sentinel Administrator / Engineer to support the design, administration, optimization, and continuous improvement of Microsoft Sentinel within a federal cybersecurity environment. The selected candidate will help maintain and enhance cloud-native security monitoring, incident detection, automation, and response capabilities across Microsoft Sentinel and the broader Microsoft security ecosystem.

This role is ideal for a hands-on security engineer who understands SIEM operations, log ingestion, detection engineering, incident response workflows, and cloud security. The Microsoft Sentinel Administrator / Engineer will work closely with cybersecurity operations, identity, cloud, infrastructure, and AI teams to improve threat visibility, streamline SOC processes, and strengthen the organization’s overall security posture.

Key Responsibilities

  • Administer, configure, and maintain Microsoft Sentinel in an enterprise or federal environment.
  • Manage Sentinel workspaces, data connectors, analytics rules, watchlists, workbooks, automation rules, and playbooks.
  • Configure and troubleshoot log ingestion from Microsoft and third-party sources, including Microsoft Defender XDR, Entra ID, Azure resources, firewalls, endpoint tools, and other security platforms.
  • Develop, tune, and maintain KQL queries for threat detection, hunting, dashboards, and reporting.
  • Create and optimize analytics rules to improve detection accuracy and reduce false positives.
  • Support SOC operations by improving alert triage, escalation workflows, case management, and incident response processes.
  • Build and maintain Microsoft Sentinel workbooks and dashboards for operational, executive, and compliance reporting.
  • Develop and support automation using Logic Apps, playbooks, and workflow integrations.
  • Assist with threat hunting, security investigations, and root cause analysis.
  • Integrate Sentinel with Microsoft Defender for Endpoint, Defender for Cloud, Defender for Identity, Defender for Office 365, Entra ID, and Microsoft Purview where applicable.
  • Support Zero Trust, identity-first security, and cloud security monitoring initiatives.
  • Document configurations, standard operating procedures, detection logic, playbooks, and engineering changes.
  • Participate in change management, configuration reviews, and security control validation activities.
  • Monitor Sentinel performance, data usage, retention, costs, and ingestion trends.
  • Recommend improvements to detection coverage, log source onboarding, automation, and SOC maturity.

Required Qualifications

  • 4+ years of cybersecurity, SIEM administration, security engineering, or SOC engineering experience.
  • 2+ years of hands-on experience with Microsoft Sentinel.
  • Strong working knowledge of Kusto Query Language.
  • Experience configuring Sentinel data connectors, analytics rules, incidents, workbooks, watchlists, and automation rules.
  • Experience integrating Microsoft Sentinel with Microsoft Defender XDR and Microsoft Entra ID.
  • Understanding of SOC operations, incident response, threat detection, and security monitoring.
  • Experience troubleshooting log ingestion, normalization, and data quality issues.
  • Familiarity with Azure security services and cloud-native security monitoring.
  • Ability to document technical procedures, engineering decisions, and operational workflows.
  • Strong communication skills and ability to work with technical and non-technical stakeholders.
  • U.S. citizenship may be required for federal contract support.

Preferred Qualifications

  • Experience supporting federal cybersecurity programs or regulated environments.
  • Knowledge of NIST 800-53, FISMA, Zero Trust Architecture, and continuous monitoring requirements.
  • Experience with Microsoft Defender for Endpoint, Defender for Cloud, Defender for Identity, Defender for Office 365, and Microsoft Purview.
  • Experience with Azure Logic Apps, Azure Monitor, Azure Policy, Azure Resource Manager, and Azure Automation.
  • Experience developing threat hunting queries and detection content mapped to MITRE ATT&CK.
  • Experience with SOAR workflows, ticketing integrations, and SOC process automation.
  • Familiarity with Power BI or other reporting tools.
  • Microsoft certifications such as:
    • Microsoft Certified: Security Operations Analyst Associate
    • Microsoft Certified: Azure Security Engineer Associate
    • Microsoft Certified: Cybersecurity Architect Expert
    • Microsoft Certified: Azure Administrator Associate

Desired Skills

  • Microsoft Sentinel administration and engineering
  • KQL development and tuning
  • SIEM/SOAR operations
  • Detection engineering
  • Threat hunting
  • Azure security monitoring
  • Defender XDR integration
  • Incident response support
  • SOC automation
  • Dashboard and workbook development
  • Federal cybersecurity compliance support



About the Company

B5 Recruiting