MVPeopleGroup
SOC & Blue Team

Security Engineer – Microsoft Sentinel & KQL

Den Haag, ZH | Consultancy | Hybrid | Medior | Government

About the assignment

A leading organisation in the public sector is strengthening its SOC capabilities. You design, build, and optimise detection use cases within their Microsoft Sentinel SIEM environment. Your focus: hands-on engineering, KQL query development, and improving alert quality across existing and newly integrated applications.

You work independently. You determine your technical approach, prioritise effectively, and own the delivery of detection logic end-to-end. Stakeholder alignment happens when needed, but the technical execution remains your responsibility.

Your responsibilities

  • Design and implement detection use cases in Microsoft Sentinel based on security monitoring requirements
  • Write, optimise, and refine KQL queries to improve detection accuracy and performance
  • Identify and reduce false positives through iterative query tuning and alert threshold optimisation
  • Integrate newly connected applications into the SIEM and configure appropriate detection logic
  • Document detection rules, monitoring logic, and query rationale for knowledge retention
  • Evaluate detection quality through metrics and recommend improvements to the SOC team
  • Work independently on technical design decisions while coordinating with stakeholders as needed

Tech Stack & Tools

Platforms & Tooling

  • Microsoft Sentinel
  • KQL (Kusto Query Language)
  • Azure ecosystem

Frameworks & Standards

  • MITRE ATT&CK
  • NIST IR

Cloud & Infrastructure

  • Azure

Methodologies

  • Detection engineering
  • Security monitoring best practices
  • Alert optimisation

Certifications (preferred)

  • AZ-500
  • GCIA
  • CySA+

Must-haves

  • Proven hands-on experience with Microsoft Sentinel (query, rule development, optimisation)
  • Strong KQL proficiency – you write efficient, maintainable queries independently
  • Detection engineering background – you understand attacker behaviour and relevant TTPs
  • SIEM and security monitoring experience in a SOC or similar environment
  • Self-directed approach – you own technical decisions and deliver results without close supervision

Nice-to-haves

  • Experience with Azure Log Analytics and cloud-native SIEM architecture
  • Familiarity with MITRE ATT&CK framework and threat-driven detection design
  • Background in alert tuning, false positive reduction, and SOC metrics

What we offer

  • Independent, results-driven assignment with full technical ownership
  • Hands-on work with modern cloud SIEM technology
  • Long-term engagement (minimum 3-month renewable contracts)
  • Hybrid flexibility: 2 days on-site in Den Haag, 3 days remote
  • Collaborate with a mature SOC environment and security team
  • Personal guidance from a dedicated MVPeople consultant who knows your niche

The process

1. Introduction – Phone call with your MVPeople consultant (within 24 hours)
2. Match & Brief – We discuss the assignment in detail and prepare you
3. Client meeting – Introduction to the client
4. Start – Contracting and onboarding

Details

  • Type: Consultancy
  • Location: Den Haag, ZH
  • Work model: Hybrid
  • Level: Medior
  • Industry: Government
  • Posted: 31 March 2026
