Employment in this role is conditional upon successful execution of the contract by the client.

The Work

The Software Developer II performs advanced software development work focused on designing, building, testing, and optimizing Microsoft Sentinel capabilities. This role is responsible for developing custom automation playbooks, analytics rules, behavioral models, connectors, and integrations to support SOAR and UEBA functionality.

This position aligns with Cayuse’s core values of Innovation, Excellence, Collaboration, Adaptability, and Integrity by fostering technical solutions that meet customer needs, promoting teamwork, and prioritizing quality in deliverables.

• Designs, develops, tests, and deploys Sentinel SOAR automation playbooks using Azure Logic Apps, Azure Functions, ARM templates, and REST APIs.
• Creates automated workflows for alert enrichment, triage, response actions, notification processes, and case management.
• Integrates Sentinel with third-party systems (EDR, IAM, ticketing systems, email gateways, firewalls, etc.) to automate security operations.
• Develops custom UEBA detection rules, anomaly models, ML-based behavior patterns, and advanced hunting queries (KQL).
• Builds and maintains analytics content, data parsers, normalization rules, and entity behavior profiles.
• Evaluate behavioral anomalies and collaborate with cybersecurity teams to fine-tune detection logic.
• Designs and implements custom data connectors, ingestion pipelines, and data transformation logic.
• Create dashboards, workbooks, hunting queries, and detection-as-code assets.
• Performs platform tuning to improve performance, reduce noise, and align to MITRE ATT&CK and Zero Trust principles.
• Develops supporting code modules, scripts, microservices, and helper APIs using Python, PowerShell, .NET, or similar languages.
• Works with DevOps pipelines, CI/CD processes, version control, and infrastructure-as-code where applicable.
• Writes technical design documents, SOPs, architecture diagrams, and automation runbooks.
• Collaborates with cross-functional stakeholders on requirements, testing, and deployment.
• Provides Tier III support for Sentinel engineering issues and participates in after-action reviews when needed.

• Other duties as assigned.

Here’s What You Need

• Graduation from an accredited four-year college or university with major coursework in computer science, computer information systems, software engineering, cybersecurity, or a related field.
• 2 years of experience in software development, cloud engineering, SIEM Engineering, or Cybersecurity engineering.
• Must be able to pass a background check. May require additional background checks as required by projects and/or clients at any time during employment.

Minimum Skills:

• Exceptional interpersonal skills with the ability to communicate in a clear, professional, and articulate manner.
• Building Logic App workflows and custom Sentinel automation playbooks.
• Writing complex KQL queries for analytics, hunting, and behavioral detection.
• Developing custom connectors, data maps, and parsers.
• Designing and optimizing UEBA detection models.
• Debugging SOAR workflows and resolving integration issues.
• Microsoft Sentinel architecture, SOAR, and UEBA capabilities.
• Azure cloud services, Logic Apps, Azure Functions, Event Hubs, Key Vault, and Azure AD.
• Security operations processes (triage, threat detection, incident response, threat modeling).
• MITRE ATT&CK, NIST CSF, Zero Trust Architecture concepts.
• Programming and scripting languages (Python, PowerShell, KQL, C#, JavaScript, or equivalent).
• CI/CD pipelines, DevOps practices, and Git-based version control.
• API integrations and JSON/YAML structures.
• Communicating technical information clearly to both technical and non-technical
• Exceptional verbal and written communication skills. 
• Excellent organizational, analytical, and problem-solving skills with high-level attention to detail.

• Ability to analyze systems and procedures
• Strong multitasking skills with the ability to manage multiple design streams across concurrent work effort.
• Must be self-motivated and able to work well independently as well as on a multi-functional team.
• Ability to handle sensitive and confidential information appropriately.
• Translate security requirements into scalable technical solutions.
• Analyze threat behaviors and develop meaningful detections.
• Work collaboratively with cybersecurity, infrastructure, and application teams.
• Manage multiple work assignments and meet deadlines.

Desired Qualifications:

• 3 years experience or more of hands-on technical experience with Microsoft Sentinel.
• 1 year of experience developing UEBA models, anomaly detection rules, and behavior-based analytic
• 1 year experience with building Security Automation Playbooks (SOAR).
• 1 year experience with Microsoft certifications such as: SC-200: Security Operations Analyst, AZ-900 / AZ-104, SC-100 / SC-300.
• 1 year experience integrating Sentinel with EDR, IAM, firewalls, and ticketing systems.
• 1 year experience with DevOps pipelines (GitHub, Azure DevOps).
• 1 year experience working in a government, healthcare, or regulatory environment.

Our Commitment to you / overview of benefits

• Medical, Dental and Vision Insurance; Wellness Program
• Flexible Spending Accounts (Healthcare, Dependent Care, Commuter)
• Short-Term and Long-Term Disability options
• Basic Life and AD&D Insurance (Company Provided)
• Voluntary Life and AD&D options
• 401(k) Retirement Savings Plan with matching after one year
• Paid Time Off

Reports to: Program Manager

Working Conditions

• Professional office environment, with the ability to work onsite in the main office.
• Must reside in the Austin area.
• Must be physically and mentally able to perform duties extended periods of time.
• Ability to use a computer and other office productivity tools with sufficient speed to meet the demands of this position.
• Must be able to establish a productive and professional workspace.
• Must be able to sit for long periods of time looking at computer screen.

• May be asked to work a flexible schedule which may include holidays.
• May be asked to travel for business or professional development purposes.
• May be asked to work hours outside of normal business hours.
• Travel costs, per diem, and other related expenses must be pre-approved in compliance with State of Texas travel guidelines.

Other Duties: Please note this job description is not designed to cover or contain a comprehensive list of activities, duties or responsibilities that are required of the employee for this job.  Duties, responsibilities, and activities may change at any time with or without notice.

Cayuse is an Equal Opportunity Employer.  All employment decisions are based on merit, qualifications, skills, and abilities. All qualified applicants will receive consideration for employment in accordance with any applicable federal, state, or local law.