Skip to content
MVPeople Group Logo
MVPeopleGroup
SOC & Blue Team

Security Engineer – Microsoft Sentinel & KQL

Den Haag, ZHConsultancyHybrideMedioroverheid
Reageer directStel een vraag

Over de opdracht

A leading organisation in the public sector is strengthening its SOC capabilities. You design, build, and optimise detection use cases within their Microsoft Sentinel SIEM environment. Your focus: hands-on engineering, KQL query development, and improving alert quality across existing and newly integrated applications.

You work independently. You determine your technical approach, prioritise effectively, and own the delivery of detection logic end-to-end. Stakeholder alignment happens when needed, but the technical execution remains your responsibility.

Jouw werkzaamheden

  • Design and implement detection use cases in Microsoft Sentinel based on security monitoring requirements
  • Write, optimise, and refine KQL queries to improve detection accuracy and performance
  • Identify and reduce false positives through iterative query tuning and alert threshold optimisation
  • Integrate newly connected applications into the SIEM and configure appropriate detection logic
  • Document detection rules, monitoring logic, and query rationale for knowledge retention
  • Evaluate detection quality through metrics and recommend improvements to the SOC team
  • Work independently on technical design decisions while coordinating with stakeholders as needed

Tech Stack & Tools

Platforms & Tooling

Microsoft SentinelKQL (Kusto Query Language)Azure ecosystem

Frameworks & Standaarden

MITRE ATT&CKNIST IR

Cloud & Infrastructure

Azure

Methodieken

Detection engineeringSecurity monitoring best practicesAlert optimisation

Certificeringen (pré)

AZ-500GCIACySA+

Must-haves

  • Proven hands-on experience with Microsoft Sentinel (query, rule development, optimisation)
  • Strong KQL proficiency – you write efficient, maintainable queries independently
  • Detection engineering background – you understand attacker behaviour and relevant TTPs
  • SIEM and security monitoring experience in a SOC or similar environment
  • Self-directed approach – you own technical decisions and deliver results without close supervision

Nice-to-haves

  • Experience with Azure Log Analytics and cloud-native SIEM architecture
  • Familiarity with MITRE ATT&CK framework and threat-driven detection design
  • Background in alert tuning, false positive reduction, and SOC metrics

Wat wij bieden

  • Independent, results-driven assignment with full technical ownership
  • Hands-on work with modern cloud SIEM technology
  • Long-term engagement (minimum 3-month renewable contracts)
  • Hybrid flexibility: 2 days on-site in Den Haag, 3 days remote
  • Collaborate with a mature SOC environment and security team
  • Personal guidance from a dedicated MVPeople consultant who knows your niche

Het proces

1

Kennismaking

Telefonisch gesprek met je MVPeople consultant (binnen 24 uur)

2

Match & Brief

We bespreken de opdracht in detail en bereiden je voor

3

Klantgesprek

Introductie bij de opdrachtgever

4

Start

Contractering en onboarding

Details

Type

Consultancy

Locatie

Den Haag, ZH

Werkmodel

Hybride

Niveau

Medior

Sector

overheid

Geplaatst

31 maart 2026

Contact

MVPeople Group

jobs@mvpeoplegroup.com
Reageer directMeer informatie

Vergelijkbare vacatures

IAM / IGAConsultancy

Privacy & Permissions Officer

amsterdamHybride
Bekijk vacature
GRC & ComplianceConsultancy

IT Auditor

Apeldoorn, GEHybride
Bekijk vacature
IAM / IGAConsultancy

Teammanager Identity & Access Management (IAM)

AmsterdamHybride
Bekijk vacature
Reageer direct