Innovate Consulting is seeking a senior-level detection engineer who can jump into Microsoft Sentinel (plus Obsidian), clean up noisy alerts, tune existing detections, create new ones, and support the SOC. We need someone who can execute immediately!

TOP MUST-HAVES

• Expert Microsoft Sentinel detection engineering
• Very strong KQL
• Experience tuning detections, reducing false positives, and improving signal quality
• Experience building new detections across multiple log sources
• Familiarity with Obsidian a plus
• Experience with multi-table joins, enrichment, telemetry validation
• Strong documentation and SOC collaboration skills

DAY-TO-DAY RESPONSIBILITIES

PHASE 0 (Week 1): Environment Review

• Access Sentinel + Obsidian
• Review current detection landscape
• Assess noise patterns
• Validate and prioritize the detection backlog

PRIORITY 1: Detection Cleanup + Tuning (Weeks 1–8)

• Tune top 20 high-noise detections
• Reduce overall false positives by 40–60%
• Improve fidelity with multi-table joins
• Enrich with context + business logic
• Confirm that non-triggering detections are working correctly
• Decommission detections that can’t be saved

PRIORITY 2: New Detection Creation (Weeks 4–10)

• Build new Sentinel detections across 19 data sources (Sailpoint, WAF, CircleCI, Bastion, AugmentAI, ResolveAI, etc.)
• Build custom Obsidian detections for 11 services
• Use CrowdStrike event_simpleName for behavioral detections
• Integrate detections with Palo Alto XSOAR where needed

PRIORITY 3: Ad Hoc SOC Support

• Support 1–2 hour quick-turn detection requests
• Emergency detection creation
• Noise troubleshooting and fast triage