Senior Security Operations Engineer

Senior Security Operations Engineer

• Senior SIEM Engineer
• Microsoft Sentinel Engineer
• Security Detection Engineering Lead
• Senior SOC Engineering Specialist
• Cloud Security Operations Engineer

Minneapolis, MN — Remote

• Position Type: Contract
• Contract Duration: Not to Exceed Contract Term
• Start: As Soon As Possible
• Pay Rate: $50.79/hour

We are seeking a Senior Security Operations Engineer with expert-level Microsoft Sentinel engineering experience to support SIEM engineering, advanced threat detection development, and security operations maturity. This is a hands‑on technical role focused on delivering high-impact improvements within a large enterprise Sentinel environment. This position requires deep engineering ownership of Sentinel, not analyst‑only experience.

• Engineer and tune Microsoft Sentinel data connectors, analytic rules, content packs, and automation playbooks
• Build KQL
  -based detections, custom analytics, hunting queries, and watchlists
• Manage and optimize log ingestion pipelines, including Windows Event, Security Event, and NxLog sources
• Design and maintain SOAR automation using Logic Apps
• Migrate legacy detection and hunting workflows into Sentinel’s Threat Hunting module
• Partner with SOC and IR teams to improve signal fidelity and detection quality

• Conduct advanced threat hunting using KQL and Sentinel workbooks
• Convert threat intelligence into actionable detections
• Identify detection gaps and expand coverage across identity, endpoint, and cloud telemetry

• Review Crowd Strike IOA detections and build complementary Sentinel detections
• Integrate Crowd Strike EASM insights into detection workflows
• Support endpoint engineering related to USB security, SSH visibility, certificates, and firewall controls

• Integrate credential risk signals into Sentinel detections
• Build detections for abnormal authentication behavior and correlated identity attacks

• Provide Tier 3 engineering support for Sentinel alerts and endpoint incidents
• Support high‑severity investigations requiring deep log correlation

• Produce engineering documentation, SOPs, playbooks, and runbooks
• Deliver full knowledge transfer at the conclusion of the contract

• Extensive hands‑on Microsoft Sentinel engineering experience
• Strong proficiency in KQL
• Experience building analytic rules, hunting queries, SOAR playbooks, and SIEM data models
• Hands‑on experience with Crowd Strike Falcon (EDR, IOA, EASM, firewall)
• Strong understanding of MITRE ATT&CK and modern detection engineering practices
• Broad troubleshooting skills across Windows, Linux, identity, and cloud environments

• Experience migrating legacy SIEM workflows into Sentinel
• Experience with identity risk and credential monitoring tools
• Scripting experience with Power Shell or Python
• Experience supporting OT, factory, or production environments

• Former Sentinel engineer, architect, or senior detection engineer
• Able to build detections and automations from scratch
• Deep understanding of SIEM ingestion, normalization, and schema mapping
• Self‑directed, senior‑level professional comfortable working independently

Medical, Vision, and Dental Insurance Plans
401(k) Retirement Fund

We are a leading provider of data storage solutions
, committed to innovation, sustainability, and employee development. With a collaborative and inclusive culture, the organization values integrity, innovation, and global impact while delivering cutting‑edge technology to customers worldwide.

GTT is a minority‑owned staffing firm and a subsidiary of Chenega Corporation, a Native American‑owned company in Alaska. As a Native American‑owned, economically disadvantaged organization, GTT values diverse and inclusive workplaces. Our clients include Fortune 500 banking, insurance, financial services, technology companies, and leading life sciences, biotech, utility, and retail organizations across the U.S. and Canada.