INFO SECURITY ANALYST IV
<p><strong>SOC Engineer (Security Operations Center)</strong></p><p><strong>Location:</strong> Remote (Washington, DC area preferred)</p><p><strong>Travel:</strong> Must be willing to attend quarterly in-person team meetings</p><p><strong>Clearance:</strong> Ability to obtain Public Trust (Currently held preferred)</p><p><strong>Duration: </strong>6-month contract, potential for extension or conversion. </p><p><strong>Position Overview</strong></p><p>We are seeking a skilled <strong>SOC Engineer</strong> to design and maintain Security Operations Center (SOC) data feed solutions, implement SOAR capabilities, and ensure feed health through collaboration with cross-functional teams. This role requires strong cybersecurity expertise, including network security, SIEM, incident response, and threat detection.</p><p>The SOC Engineer will also serve as a <strong>backup SOC Lead</strong>, managing escalations and providing leadership updates during critical incidents when the primary lead is unavailable.</p><p><strong>Key Responsibilities</strong></p><ul><li><strong>Microsoft Sentinel Engineering:</strong> Maintain and optimize Microsoft Sentinel SIEM/SOAR solutions in alignment with client requirements, industry best practices, and federal compliance mandates.</li><li><strong>Data Integration:</strong> Configure and manage log/data feeds from diverse sources (e.g., Fluent Bit, Windows Events, M365, cloud services, endpoint/security platforms).</li><li><strong>Parsing & Normalization:</strong> Develop and refine log parsing rules using Regex, DCRs, and custom transformations for accurate and usable data in Sentinel.</li><li><strong>SOAR Development:</strong> Engineer automation and orchestration solutions using Microsoft Logic Apps, Azure Functions, and PowerShell/Python scripts to improve SOC efficiency and incident response.</li><li><strong>Threat Detection Engineering:</strong> Build, tune, and optimize analytic rules, UEBA, dashboards, and reports to enhance detection 
and response coverage.</li><li><strong>Collaboration:</strong> Work with network, endpoint, cloud, and IT operations teams to integrate new data sources and deliver actionable SOC capabilities.</li><li><strong>Documentation & Knowledge Transfer:</strong> Create and maintain SOC architecture documentation, onboarding guides, and automation playbooks; train SOC analysts on new tools and processes.</li><li><strong>Advisory & Improvement:</strong> Conduct gap analyses of SOC capabilities, recommend improvements, and contribute to SOC process maturity.</li><li><strong>Incident Response Support:</strong> Provide Tier 3 support and assist with complex investigations as needed.</li></ul>
<p><strong>Required Qualifications</strong></p><ul><li>Ability to obtain Public Trust clearance.</li><li>2–5 years of experience in network defense, SOC engineering, or cybersecurity operations.</li><li>Hands-on experience with Microsoft Sentinel (log onboarding, rule development, automation).</li><li>Proficiency with log parsing and normalization (Regex, Fluent Bit, DCRs, KQL).</li><li>Strong scripting skills in PowerShell and/or Python.</li><li>Experience configuring and maintaining data feeds for SOC visibility (cloud, endpoint, network, on-prem).</li><li>Familiarity with incident response concepts, threat detection engineering, and SOAR workflows.</li><li>Excellent written and verbal communication skills.</li></ul><p><strong>Preferred Qualifications</strong></p><ul><li>Knowledge of federal cybersecurity mandates (M-21-31, NIST CSF, CISA Playbooks, BOD 22-01).</li><li>Experience with Microsoft Logic Apps, Azure Functions, or other SOAR platforms.</li><li>Experience with UEBA configuration and anomaly detection.</li><li>Background in AI/ML frameworks for cyber analytics.</li><li>Experience building SOC metrics, dashboards, and reporting.</li><li>Familiarity with M365, Azure security tools, ServiceNow workflows, and CISA CDM tools.</li><li>Relevant certifications (CISSP, CISM, SC-200, AZ-500).</li></ul><p><strong>Education & Experience</strong></p><ul><li>Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).</li><li>5+ years of progressive cybersecurity/SOC experience (engineering and operations).</li></ul>
<h3 class="rh-display-3--rich-text">Technology Doesn't Change the World, People Do.<sup>®</sup></h3>
<p>Robert Half is the world’s first and largest specialized talent solutions firm that connects highly qualified job seekers to opportunities at great companies. We offer contract, temporary and permanent placement solutions for finance and accounting, technology, marketing and creative, legal, and administrative and customer support roles.</p>
<p>Robert Half works to put you in the best position to succeed. We provide access to top jobs, competitive compensation and benefits, and free online training. Stay on top of every opportunity - whenever you choose - even on the go. <a href="https://www.roberthalf.com/us/en/mobile-app" target="_blank">Download the Robert Half app</a> and get 1-tap apply, notifications of AI-matched jobs, and much more.</p>
<p>All applicants applying for U.S. job openings must be legally authorized to work in the United States. Benefits are available to contract/temporary professionals, including medical, vision, dental, and life and disability insurance. Hired contract/temporary professionals are also eligible to enroll in our company 401(k) plan. Visit <a href="https://roberthalf.gobenefits.net/" target="_blank">roberthalf.gobenefits.net</a> for more information.</p>
<p>© 2025 Robert Half. An Equal Opportunity Employer. M/F/Disability/Veterans. By clicking “Apply Now,” you’re agreeing to <a href="https://www.roberthalf.com/us/en/terms">Robert Half’s Terms of Use</a>.</p>
- Washington Dc, DC
- onsite
- Temporary
- 50.00 - 55.00 USD / Hourly
- 2025-11-25T15:13:47Z