Senior Security Engineer, Microsoft Sentinel / Hybrid Onsite Liaison

Wintrio LLC, Location Not Available

Job description:

Company Overview

WINTrio LLC (WINTrio) is a leading provider of Cyber/DevSecOps, Cloud, Artificial Intelligence (AI)/Machine Learning (ML), and Agile Software Development solutions. We collaborate closely with federal and commercial clients to solve complex technical challenges by delivering innovative, agile, and cost-effective solutions. Our team is empowered to think creatively and deliver impactful results that drive measurable value.

Role

Senior Security Engineer, Microsoft Sentinel / Hybrid Onsite Liaison

Location

Washington, DC / Northern Virginia, hybrid onsite 2 to 3 days per week

Client

Long-term Federal/Public Sector

Work Authorization

US Citizen or Green Card preferred; must be able to pass federal background and suitability requirements.

Job Summary

As a Senior Security Engineer, you will serve as the primary onsite security engineering liaison for a federal client’s vSOC program. This role supports Microsoft Sentinel operations, Microsoft Defender tuning, log ingestion validation, telemetry gap identification, detection use case validation, vulnerability prioritization, patch governance coordination, and stakeholder engagement.

Key Responsibilities

  • Serve as the primary technical liaison between the remote vSOC team and federal client stakeholders.
  • Review Microsoft Sentinel log ingestion, monitoring coverage, dashboards, and detection content.
  • Validate and tune detection use cases aligned to MITRE ATT&CK.
  • Identify telemetry gaps across identity, endpoints, cloud, network, GitHub, SQL, VPN, Proofpoint, and backup tools.
  • Support Microsoft Defender for Endpoint and Microsoft Defender for Identity tuning and operational validation.
  • Coordinate remediation actions with client IRM staff and system owners.
  • Support vulnerability prioritization, patch governance validation, and monthly remediation reporting.
  • Validate log routing, normalization, and pipeline health, including Cribl or similar tools where applicable.
  • Provide technical support during security events, incident escalation, purple team exercises, and continuity tests.
  • Help mature the client’s Sentinel and Defender deployment from current-state operations to an optimized security monitoring capability.

Required Qualifications

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field.
  • 8+ years of cybersecurity engineering, SOC engineering, detection engineering, or SIEM operations experience.
  • Strong hands‑on experience with Microsoft Sentinel, KQL, workbooks, analytics rules, incidents, watchlists, and automation rules.
  • Strong experience with Microsoft Defender for Endpoint and Microsoft Defender for Identity.
  • Experience with AWS log ingestion, CloudTrail, VPC Flow Logs, IAM monitoring, and cloud telemetry.
  • Experience supporting federal security requirements, sensitive data environments, and audit-ready documentation.
  • Ability to work directly with client technical and executive stakeholders.

Tools and Preferred Qualifications

  • Microsoft Sentinel, Defender XDR, MDE, MDI, Entra ID, Azure Government, AWS Commercial.
  • KQL, Logic Apps, Azure Monitor, Log Analytics, GitHub, SQL Server auditing.
  • Cisco, Checkpoint, iBoss, VPN, Proofpoint TAP/TRAP, Veeam, WinCollect, Cribl.
  • Certifications preferred: CISSP, GCIH, GCIA, CEH, Microsoft Security Operations Analyst, SC-200, AZ-500, AWS Security Specialty.

Benefits

  • Medical, Dental, and Vision Insurance
  • FSA & HSA options
  • 401(k) Retirement Plan
  • Annual Bonus & Profit Sharing
  • Paid Time Off (PTO) & Vacation
  • Employee Assistance Program (EAP)
  • Life & Disability Insurance

Equal Opportunity Employer

WINTrio LLC is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration without regard to race, color, religion, sex, gender identity, national origin, age, veteran status, or disability.


Job information

  • Publication date: 20 May 2026
  • Location:
  • Type: Full-time
  • Work model: On-site
  • Category:
  • Experience: 2+ years
  • Employment status: Employed
