Senior Specialist, Cybersecurity Engineering

Position Summary**

We are seeking a Cyber Defense Analytics Senior Specialist with specialized expertise in SIEM engineering and detection content development to support and advance our Microsoft Sentinel platform. This role is instrumental in designing scalable, high-fidelity detection logic, optimizing telemetry ingestion, and improving threat visibility across the enterprise.

**Key Responsibilities**

+ Work on the development, deployment, and optimization of SIEM analytics rules, KQL-based queries, and hunting queries within Microsoft Sentinel.

+ Act as the Subject Matter Expert on SIEM, ensuring efficient and secure integration of data sources and telemetry streams.

+ Engineer detection logic that aligns with MITRE ATT&CK, threat modeling, and business risk prioritization to improve detection coverage and fidelity.

+ Partner with incident response, threat intel, and vulnerability teams to transform intelligence and threat scenarios into actionable detection content.

+ Collaborate with infrastructure and cloud teams to onboard, normalize, and validate log sources, ensuring telemetry quality and completeness.

+ Create and maintain a detection engineering lifecycle framework, from hypothesis to deployment, including validation, documentation, tuning, and suppression logic.

+ Optimize Azure Data Explorer (ADX) and custom enrichment data sources to support advanced correlation logic and reduce false positives.

+ Develop and maintain dashboards and metrics to measure detection performance, including alert volume, false positive rate, and detection dwell time.

+ Contribute to the Sentinel content roadmap and backlog management, prioritizing detections that address current and emerging threats.

+ Ensure all work adheres to security governance, SDLC policies, and compliance requirements (e.g., PCI, GDPR).

**Qualifications & Experience**

+ BA/BS required, advanced degree in Engineering and or related field.

+ Minimum 3 years of experience in SIEM engineering, threat detection, or security operations with a focus on cloud-native platforms.

+ Strong proficiency in Microsoft Sentinel, including Kusto Query Language (KQL), analytic rule creation, and custom workbook/dashboard development.

+ Hands-on experience with Azure Log Analytics, ADX, and Logstash/Cribl pipelines for data ingestion and transformation.

+ Demonstrated ability to create high-quality, low-noise detections aligned with adversary behaviors and threat models.

+ Familiarity with log source types (Windows Event, Linux syslog, firewall, cloud-native telemetry, etc.) and their parsing requirements.

+ Proficiency in scripting languages such as PowerShell or Python for data enrichment, rule testing, and automation support.

+ Experience with Agile methodologies, using tools such as Jira for managing detection backlogs and sprints.

+ Strong grasp of SDLC and DevSecOps practices in support of detection content lifecycle management.

**Preferred Certifications**

+ Microsoft Certified: Security Operations Analyst Associate (Sentinel).

+ MITRE ATT&CK Defender (MAD), GIAC (GCIA, GCED), or similar detection engineering certifications.

+ CISSP, CISM, or Microsoft Azure certifications are a plus.

Current Employees apply HERE (

Current Contingent Workers apply HERE (

**US and Puerto Rico Residents Only:**

Our company is committed to inclusion, ensuring that candidates can engage in a hiring process that exhibits their true capabilities. Please click here ( if you need an accommodation during the application or hiring process.

As an Equal Employment Opportunity Employer, we provide equal opportunities to all employees and applicants for employment and prohibit discrimination on the basis of race, color, age, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or other applicable legally protected characteristics. As a federal contractor, we comply with all affirmative action requirements for protected veterans and individuals with disabilities. For more information about personal rights under the U.S. Equal Opportunity Employment laws, visit:

EEOC Know Your Rights (

EEOC GINA Supplement

We are proud to be a company that embraces the value of bringing together, talented, and committed people with diverse experiences, perspectives, skills and backgrounds. The fastest way to breakthrough innovation is when people with diverse ideas, broad experiences, backgrounds, and skills come together in an inclusive environment. We encourage our colleagues to respectfully challenge one another’s thinking and approach problems collectively.

Learn more about your rights, including under California, Colorado and other US State Acts (

**U.S. Hybrid Work Model**

Effective September 5, 2023, employees in office-based positions in the U.S. will be working a Hybrid work consisting of three total days on-site per week, Monday - Thursday, although the specific days may vary by site or organization, with Friday designated as a remote-working day, unless business critical tasks require an on-site presence.This Hybrid work model does not apply to, and daily in-person attendance is required for, field-based positions; facility-based, manufacturing-based, or research-based positions where the work to be performed is located at a Company site; positions covered by a collective-bargaining agreement (unless the agreement provides for hybrid work); or any other position for which the Company has determined the job requirements cannot be reasonably met working remotely. Please note, this Hybrid work model guidance also does not apply to roles that have been designated as “remote”.

The Company is required to provide a reasonable estimate of the salary range for this job in certain states and cities within the United States. Final determinations with respect to salary will take into account a number of factors, which may include, but not be limited to the primary work location and the chosen candidate’s relevant skills, experience, and education.

Expected US salary range:

$114,700.00 - $180,500.00

Available benefits include bonus eligibility, long term incentive if applicable, health care and other insurance benefits (for employee and family), retirement benefits, paid holidays, vacation, and sick days. A summary of benefits is listed here ( .

**San Francisco Residents Only:** We will consider qualified applicants with arrest and conviction records for employment in compliance with the San Francisco Fair Chance Ordinance

**Los Angeles Residents Only:** We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance

**Search Firm Representatives Please Read Carefully**

Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.

**Employee Status:**

Regular

**Relocation:**

No relocation

**VISA Sponsorship:**

No

**Travel Requirements:**

10%

**Flexible Work Arrangements:**

Hybrid

**Shift:**

1st - Day

**Valid Driving License:**

No

**Hazardous Material(s):**

No

**Required Skills:**

Computer Science, Cybersecurity, Design Applications, Information Security, Management Process, Security Operations, SIEM Tools, SLA Management, Software Development, Software Development Life Cycle (SDLC), System Designs, Technical Advice, Vulnerability Scanning

**Preferred Skills:**

Threat Detection

**Job Posting End Date:**

05/22/2025

***A job posting is effective until 11:59:59PM on the day** **BEFORE** **the listed job posting end date. Please ensure you apply to a job posting no later than the day** **BEFORE** **the job posting end date.**

**Requisition ID:** R349387