
Centurion Consulting Group

Centurion is seeking a subject matter expert to serve as the Microsoft Sentinel Security Information and Event Management (SIEM) Engineer, delivering technical support, engineering, and mentoring services for platform administration in support of threat intelligence. The role integrates, collects, analyzes, and disseminates log data from various sources to enhance intelligence feeds, improve contextual analysis, and strengthen detection capabilities. This position will proactively search for signs of potential threats by leveraging log data analytics, advanced detection techniques, and threat hunting methodologies. Candidates must have mid-to-expert-level skills, experience, and capabilities in the following preferred areas:

  • Recent experience with the administration and management of Microsoft Sentinel.
  • Experience developing, compiling, and executing KQL queries.
  • Strong aptitude to learn platforms, to work with stakeholders, to understand and provide thoughts on how to customize and maintain platforms to meet organizational business needs.
  • Experience generating playbooks and using Azure logic apps for security orchestration, automation and response.
  • Experience in querying, reviewing and providing contextual information from log data.
  • Proficient in the use of the M365 Office suite of tools.
  • Ability to establish and maintain effective working relationships with peers, end users and vendor development staff, as well as all levels of management and judicial personnel as necessary.
  • Ability to communicate clearly and lead technical discussions related to log data management and knowledge sharing.

Minimum Qualifications: BA/BS degree in Computer Science, Business Management, or an IT related field

Preferred Qualifications

  • Three (3) years’ experience with Azure Sentinel.
  • Three (3) years’ experience with Kusto Query Language.
  • One (1) year of experience with Information Security.
  • Active Microsoft Security Operations Analyst Associate certification.

Position Duties:

The SIEM Engineer is responsible for designing, implementing, and managing the Microsoft Sentinel SIEM solution to collect, analyze, and visualize data from various sources within the State Agency. This role involves managing the SIEM environment, creating dashboards, and ensuring effective use of the SIEM’s capabilities to monitor, detect, and respond to security threats and to surface operational insights for consumption by the Security Analysts. The Microsoft Sentinel SIEM Engineer will work closely with security analysts and stakeholders to optimize data intelligence and drive informed incident detection and response.

  1. Essential Functions:

    1. SIEM Configuration:

      1. Design and deploy SIEM resources, including configuring analytics rules, playbooks, Azure logic apps and data connectors, to support data collection and analysis needs.
      2. Optimize SIEM configurations to ensure efficient data storage, retrieval, and search capabilities.
    2. Data Collection and Integration:

      1. Collaborate with system owners to identify available data sources and drive initiatives to ingest that system data.
      2. Develop data ingestion strategies, create data inputs, and set up data source integration for various log and event data types.
      3. Design and implement data normalization and transformation processes for consistent and accurate analysis.
    3. Dashboard and Visualization Development:

      1. Design and create interactive dashboards, reports, and visualizations using SIEM’s capabilities.
      2. Present data insights in a clear and actionable manner to support decision-making processes.
      3. Develop data visuals for the SOC display screens.
    4. Search, Queries and Alerts:

      1. Develop and optimize analytics rules and alert mechanisms to proactively monitor for security threats, anomalies, and operational issues.
      2. Configure alerts to trigger automated responses or notifications based on predefined criteria.
    5. SIEM App Development:

      1. Build custom SIEM apps and add-ons to extend functionality and support specific agency requirements.
      2. Collaborate with development teams to integrate SIEM with other systems and tools.
    6. Security and Compliance:

      1. Implement security controls and best practices to protect data stored in SIEM and ensure compliance with relevant regulations and standards.
      2. Monitor and analyze security-related events to detect and respond to potential threats.
    7. Performance Optimization:

      1. Monitor system performance and troubleshoot issues related to data indexing, search performance, and resource utilization.
      2. Implement optimizations to enhance the SIEM’s efficiency and responsiveness.
    8. Training and Documentation:

      1. Provide training and guidance to other JIS SOC team members on Microsoft Sentinel best practices, usage, and administration.
      2. Create documentation for configurations, processes, and troubleshooting procedures.

Place of Performance:

  • Work shall be performed 100% remote at a suitable off-site location selected by the Offeror/Offeror Resource(s).
  • The State Agency reserves the right to determine an off-site location is not suitable (e.g., crowded public space with distracting background noise during meetings).
  • On-site support may be required. As designated by the Chief Technology Officer, candidate must be able to report on-site within seventy-two (72) hours after notification.

    • If required to report, the candidate must report to a location in Annapolis, MD.
    • The State Agency does not have a limit on the number of times the proposed resource(s) may be required to be onsite.

Hours of Operations:

  • During normal operating hours, Monday through Friday, 8:00AM to 4:30PM Eastern Standard Time (EDT).
  • Candidate shall have the flexibility to extend coverage hours to meet deadlines.
  • Client Project Manager or Department/Senior Manager must approve work prior to or after normal operation hours, not to exceed 2,040 hours per year.

    • Depending upon project requirements, candidate must be able to work a flexible schedule to include evenings, nights, weekends, and holidays. Proposed resource(s) must be available to provide on-call operational support as required outside business hours.
    • A two (2) to four (4) week training period will be provided to acclimate the successful resource(s) to the methods, processes, equipment, and software used by the State Agency.

THIS POSITION IS CONTINGENT UPON CONTRACT AWARD

Position Details:

Clearance: N/A

US Citizenship or Authorization to work in US required

Travel: < 10% (CONUS)

Centurion Consulting Group, LLC is an Equal Opportunity Employer EOE M/F/D/V

No third parties or subcontractors

REF: JOB-4796

Location: Remote