Job Title : Security Automation and Detection Engineer
Location : Austin, TX (Hybrid minimum 2 days onsite at Arm-Austin office)
Duration : 12 months (with potential extension)
Role Overview
We are seeking an experienced Security Automation and Detection Engineer to join our team on a one-year contract. This role requires a hands-on SME in Microsoft Sentinel and KQL with proven experience in log source onboarding, analytics rule creation, and automation playbook development. The ideal candidate is passionate about security operations, detection engineering, and automation within cloud-native SIEM platforms.
This position is technical interview-focused and designed for professionals with recent, practical, and in-depth experience managing Sentinel in a production environment.
Key Responsibilities
Microsoft Sentinel Management
Onboard and configure new log sources into Sentinel.
Design, implement, and maintain Analytics detection rules.
Manage and optimize Automation workflows (Logic Apps, Playbooks).
Detection Engineering
Write and optimize KQL queries for detections, hunting, and reporting.
Develop and refine detection use cases across enterprise workloads.
Validate and tune detections to minimize false positives.
Automation & Security Operations
Implement SOAR-based automation within Sentinel to improve incident response.
Collaborate with SOC and incident response teams to operationalize detections.
Continuously improve detection coverage and automation efficiency.
Collaboration & Documentation
Partner with security architects and infrastructure teams on data ingestion.
Document onboarding steps, detection logic, and automation workflows.
Share knowledge with the broader security engineering team.
Required Qualifications
Proficiency with Microsoft Sentinel, with recent (last 6 months) hands-on experience in onboarding log sources, creating and managing Analytics detection rules, and implementing Automation workflows.
Strong expertise in KQL (Kusto Query Language) for detections, hunting, and dashboards.
At least 50% of recent day-to-day work focused on Sentinel operations and automation.
Solid understanding of SIEM / SOAR concepts, security monitoring, and incident detection.
Experience tuning detections to balance coverage and false positives.
Preferred Skills
Azure Security tools (Defender suite, Azure Monitor, Logic Apps).
Knowledge of MITRE ATT&CK mapping for detection engineering.
Scripting skills (PowerShell, Python) for security automation.
Familiarity with log source types (network, endpoint, cloud, identity).