Job Description
Microsoft Sentinel Detection Engineer / KQL Engineer

Company Overview
WINTrio LLC (WINTrio) is a leading provider of Cyber/DevSecOps, Cloud, Artificial Intelligence (AI)/Machine Learning (ML), and Agile Software Development solutions. We collaborate closely with federal and commercial clients to solve complex technical challenges by delivering innovative, agile, and cost-effective solutions. Our team is empowered to think creatively and deliver impactful results that drive measurable value.

Role: Microsoft Sentinel Detection Engineer / KQL Engineer
Location: Remote, with occasional client support as required
Client: Long-term Federal/Public Sector
Work Authorization: US Citizen or Green Card preferred; must be able to pass federal background and suitability requirements.

Job Summary:
As a Microsoft Sentinel Detection Engineer / KQL Engineer, you will design, tune, and maintain detection content, Sentinel workbooks, analytics rules, KQL queries, automation rules, and dashboards for a federal client's security operations environment.

Key Responsibilities:
- Design and configure Microsoft Sentinel analytics rules, workbooks, dashboards, watchlists, and hunting queries.
- Tune existing detections to reduce false positives and improve signal quality.
- Develop KQL queries for identity, endpoint, network, cloud, email, GitHub, SQL, and backup monitoring.
- Align detection use cases to MITRE ATT&CK and federal monitoring priorities.
- Build dashboards for technical teams and executive stakeholders.
- Support ingestion validation, schema mapping, normalization, and log source onboarding.
- Collaborate with SOC analysts to convert recurring investigation patterns into repeatable detections.
- Support automation development using Sentinel automation rules, Microsoft Defender XDR, and Logic Apps.
- Document detection logic, playbooks, data dependencies, and tuning rationale.

Required Qualifications:
- Bachelor's degree in Cybersecurity, Computer Science, Data Analytics, Information Te