Full Time

Microsoft Sentinel / SOC Automation Engineer | W2 Only | - Xlysi - Houston, TX

Xlysi

Houston, TX
Posted 13 days ago

Responsibilities:

Administer and maintain Microsoft Sentinel workspaces across Azure and multi-cloud environments
Configure, manage, and troubleshoot Sentinel data connectors
Design and automate incident response workflows using Logic Apps and Sentinel playbooks
Develop, tune, and optimize KQL queries for analytics, threat hunting, and detections
Implement and manage custom analytics rules, alerts, and detections
Ensure seamless ingestion of security telemetry from cloud, hybrid, and third-party sources
Automate repetitive SOC operational tasks to improve efficiency and response times
Build and maintain Sentinel dashboards and reports for SOC visibility and leadership reporting
Troubleshoot ingestion, connector, and performance issues within Sentinel
Collaborate with cloud and infrastructure teams to secure Azure and hybrid workloads
Document automation workflows, playbooks, configurations, and SOPs
Provide guidance on Sentinel best practices and overall cloud security posture
Administer and support Microsoft 365 security configurations
Provide technical guidance to clients, internal teams, and stakeholders on Microsoft Purview capabilities and best practices
Contribute to continuous improvement of SOC automation and security operations
Resolve customer issues through structured problem-solving, collaboration, and research
Handle escalated technical issues and perform in-depth troubleshooting and remediation
Collaborate cross-team and cross-product to resolve moderately complex security issues
Maintain clear documentation of technical findings, fixes, and recommendations