Global Analytics Engineer (US) at Security Risk Advisors
Philadelphia, Pennsylvania, USA - Full Time


Start Date: Immediate

Expiry Date: 26 Oct, 25

Salary: 0.0

Posted On: 26 Jul, 25

Experience: 0 year(s) or above

Remote Job: Yes

Telecommute: Yes

Sponsor Visa: No

Skills: Qradar, Deliverables, Leading Meetings, Computer Science, Information Technology, It Security, Communication Skills, Technology, Splunk, Dashboards, Computer Engineering

Industry: Information Technology/IT

Description

SRA’s mission is to level up every day to protect our clients and their customers. This begins with our team members and their experience. SRA prides itself on maintaining a culture where team members have a shared sense of support and belonging, consistent with our It’s Personal company value. At SRA, we prioritize transparent career pathing, varied DEI programming and community groups, competitive benefits including mental health support, and an emphasis on a sustainable, healthy, and engaging work culture. SRA has twice been named a Best Place to Work by the Philadelphia Business Journal.
These Essential Functions, Requirements, and Skills are guidelines. If you are a candidate who does not meet this exact job description but can demonstrate excellent organization, attention to detail, professionalism, flexibility, and self-direction in your professional background, we hope you apply. SRA values a diverse workplace and strongly encourages people of all backgrounds to apply.

SUMMARY/OBJECTIVE

We are looking for a skilled Analytics Engineer to join our CyberSOC engineering team. The ideal candidate will have hands-on experience crafting detection logic using Kusto Query Language (KQL) and a deep understanding of log source telemetry and schema structures.

Key qualifications include:

  • Proven ability to develop high-fidelity detection content.
  • Practical experience with at least one Endpoint Detection and Response (EDR) platform.
  • Proficiency with at least one Security Information and Event Management (SIEM) solution.

This role is ideal for someone passionate about cybersecurity analytics and eager to contribute to a high-impact security operations environment.

REQUIRED EDUCATION AND EXPERIENCE

  • Punctuality and timely attendance to external client and internal stakeholder needs.
  • Bachelor’s degree in Information Technology, IT Security, Computer Science, Computer Engineering, or equivalent experience.
  • Proficient in Kusto Query Language (KQL) for developing and troubleshooting Microsoft Sentinel analytics and functions.
  • 1-3 years of professional experience; campus applicants are welcome.

PREFERRED QUALIFICATIONS AND EXPERIENCE

  • Strong understanding of log source telemetry and schema structures, enabling accurate translation of use cases into high-fidelity Sentinel detection rules.
  • Hands-on experience developing detection content (e.g., alerts, use cases, queries, dashboards) within a SIEM platform such as Microsoft Sentinel, Splunk, or QRadar.
  • Hands-on experience with EDR platforms, including at least one of the following: CrowdStrike Falcon, SentinelOne, or Microsoft Defender for Endpoint.
  • In-depth knowledge of Sentinel analytics configurations, deployment options, and best practices.
  • Familiarity with Microsoft’s DevOps pipeline (training available if needed).
  • Strong written and verbal communication skills, with the ability to convey technical concepts clearly and professionally to both internal teams and clients.
  • Comfortable leading meetings, demonstrating professionalism, subject matter expertise, and the ability to engage stakeholders effectively.
  • Highly organized with strong attention to detail, ensuring accuracy and consistency in deliverables.
  • Demonstrated passion for technology and a proactive approach to staying current with industry trends.
  • Collaborative team player who also excels at working independently and managing individual responsibilities.
  • Flexible and adaptable, with the ability to adjust to shifting client and project needs, including occasional extended hours when necessary.

Responsibilities

ESSENTIAL FUNCTIONS

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Provide operational coverage during standard business hours supporting internal defenders and analysts with:
      • Responding to inquiries related to Microsoft Sentinel analytics
      • Assisting clients with Sentinel analytics questions and troubleshooting
      • Diagnosing and resolving issues with Sentinel analytics
      • Deploying Sentinel analytics to client environments
  • Design, develop, and modify Microsoft Sentinel analytics in alignment with requests assigned by the Analytics Engineering Lead, adhering to established processes and quality standards.
  • Collaborate with the Endpoint Detection and Response (EDR) analytics team to create and maintain detection rules across one or more EDR platforms, including:
      • SentinelOne
      • Microsoft Defender for Endpoint
      • CrowdStrike Falcon
  • Develop and maintain custom Sentinel functions to enhance rule coverage and search capabilities.
  • Troubleshoot and resolve issues related to Sentinel analytics and custom Sentinel functions.
  • Coordinate with the Content Engineering Lead to ensure logging infrastructure is optimized to support both existing and new Sentinel analytics.
  • Manage the deployment lifecycle of Sentinel analytics, including initial rollout, updates, and troubleshooting deployment-related issues.

OTHER DUTIES

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.
