IT Software Developer (TX537601537)
Essential Job Functions (EJFs)
1. Microsoft Sentinel SOAR Development (40%)
· Designs, develops, tests, and deploys Sentinel SOAR automation playbooks using Azure Logic Apps, Azure Functions, ARM templates, and REST APIs.
· Creates automated workflows for alert enrichment, triage, response actions, notification processes, and case management.
· Integrates Sentinel with third-party systems (EDR, IAM, ticketing systems, email gateways, firewalls, etc.) to automate security operations.
2. UEBA & Analytics Engineering (30%)
· Develops custom UEBA detection rules, anomaly models, ML-based behavior patterns, and advanced hunting queries (KQL).
· Builds and maintains analytics content, data parsers, normalization rules, and entity behavior profiles.
· Evaluates behavioral anomalies and collaborates with cybersecurity teams to fine-tune detection logic.
3. SIEM Content Development & Platform Engineering (15%)
· Designs and implements custom data connectors, ingestion pipelines, and data transformation logic.
· Creates dashboards, workbooks, hunting queries, and detection-as-code assets.
· Performs platform tuning to improve performance, reduce noise, and align to MITRE ATT&CK and Zero Trust principles.
4. Application Development & Integration (10%)
· Develops supporting code modules, scripts, microservices, and helper APIs using Python, PowerShell, .NET, or similar languages.
· Works with DevOps pipelines, CI/CD processes, version control, and infrastructure-as-code where applicable.
5. Documentation, Collaboration & Support (5%)
· Writes technical design documents, SOPs, architecture diagrams, and automation runbooks.
· Provides Tier III support for Sentinel engineering issues and participates in after-action reviews when needed.
Knowledge, Skills, and Abilities (KSAs)
Knowledge of:
· Microsoft Sentinel architecture, SOAR, and UEBA capabilities.
· Azure cloud services, Logic Apps, Azure Functions, Event Hubs, Key Vault, and Azure AD.
· Security operations processes (triage, threat detection, incident response, threat modeling).
· MITRE ATT&CK, NIST CSF, Zero Trust Architecture concepts.
· Programming and scripting languages (Python, PowerShell, KQL, C#, JavaScript, or equivalent).
· CI/CD pipelines, DevOps practices, and Git-based version control.
· API integrations and JSON/YAML structures.
Skills in:
· Building Logic App workflows and custom Sentinel automation playbooks.
· Writing complex KQL queries for analytics, hunting, and behavioral detection.
· Developing custom connectors, data maps, and parsers.
· Designing and optimizing UEBA detection models.
· Debugging SOAR workflows and resolving integration issues.
· Communicating technical information clearly to both technical and non-technical audiences.
Abilities to:
· Work independently and take ownership of complex development tasks.
· Translate security requirements into scalable technical solutions.
· Analyze threat behaviors and develop meaningful detections.
· Work collaboratively with cybersecurity, infrastructure, and application teams.
· Manage multiple work assignments and meet deadlines.
