Company Overview
WINTrio LLC (WINTrio) is a leading provider of Cyber/DevSecOps, Cloud, Artificial Intelligence (AI)/Machine Learning (ML), and Agile Software Development solutions. We collaborate closely with federal and commercial clients to solve complex technical challenges by delivering innovative, agile, and cost-effective solutions. Our team is empowered to think creatively and deliver impactful results that drive measurable value.
Role: Microsoft Sentinel Detection Engineer / KQL Engineer
Location: Remote, with occasional client support as required
Client: Long-term Federal/Public Sector
Work Authorization: US Citizen or Green Card preferred; must be able to pass federal background and suitability requirements.
Job Summary:
As a Microsoft Sentinel Detection Engineer / KQL Engineer, you will design, tune, and maintain detection content, Sentinel workbooks, analytics rules, KQL queries, automation rules, and dashboards for a federal client’s security operations environment.
Key Responsibilities:
- Design and configure Microsoft Sentinel analytics rules, workbooks, dashboards, watchlists, and hunting queries.
- Tune existing detections to reduce false positives and improve signal quality.
- Develop KQL queries for identity, endpoint, network, cloud, email, GitHub, SQL, and backup monitoring.
- Align detection use cases to MITRE ATT&CK and federal monitoring priorities.
- Build dashboards for technical teams and executive stakeholders.
- Support ingestion validation, schema mapping, normalization, and log source onboarding.
- Collaborate with SOC analysts to convert recurring investigation patterns into repeatable detections.
- Support automation development using Sentinel automation rules, Microsoft Defender XDR, and Logic Apps.
- Document detection logic, playbooks, data dependencies, and tuning rationale.
Required Qualifications:
- Bachelor’s degree in Cybersecurity, Computer Science, Data Analytics, Information Technology, or a related field.
- 5+ years of SIEM engineering, detection engineering, SOC content development, or cyber analytics experience.
- Strong hands-on Microsoft Sentinel and KQL experience.
- Experience building dashboards, workbooks, analytics rules, watchlists, and hunting queries.
- Experience with Microsoft Defender XDR, MDE, MDI, Entra ID, and Azure Log Analytics.
- Strong understanding of MITRE ATT&CK, incident detection, and detection-as-code principles.
Tools and Preferred Qualifications:
- Microsoft Sentinel, KQL, Defender XDR, Logic Apps, Azure Monitor, Log Analytics.
- GitHub, AWS logs, SQL Server auditing, Proofpoint, Cisco, Checkpoint, iBoss, Veeam.
- SC-200, AZ-500, CISSP, GCIA, GCIH, or equivalent preferred.
Benefits
- Medical, Dental, and Vision Insurance
- FSA & HSA options
- 401(k) Retirement Plan
- Annual Bonus & Profit Sharing
- Paid Time Off (PTO) & Vacation
- Employee Assistance Program (EAP)
- Life & Disability Insurance
Why Join WINTrio?
WINTrio is a people-first, employee-driven organization. We offer opportunities to grow across emerging technologies, program management, and business development while working on high-impact federal initiatives.
Equal Opportunity Employer
WINTrio LLC is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration without regard to race, color, religion, sex, gender identity, national origin, age, veteran status, or disability.