Sistema Technologies Inc.
Austin, TX
Software Developer - Solicitation# 537601537
Texas Health and Human Services Commission (HHSC)
The Software Developer performs advanced (senior-level) software development work focused on designing, building, testing, and optimizing Microsoft Sentinel capabilities for DSHS projects. This role is responsible for developing custom automation playbooks, analytics rules, behavioral models, connectors, and integrations to support SOAR and UEBA functionality. The position works under limited supervision with considerable latitude for initiative, independent judgment, and technical leadership.
Essential Job Functions (EJFs) 1. Microsoft Sentinel SOAR Development (40%)
Designs, develops, tests, and deploys
Sentinel SOAR automation playbooks
using Azure Logic Apps, Azure Functions, ARM templates, and REST APIs.
Creates automated workflows for alert enrichment, triage, response actions, notification processes, and case management.
Integrates Sentinel with third-party systems (EDR, IAM, ticketing systems, email gateways, firewalls, etc.) to automate security operations.
2. UEBA & Analytics Engineering (30%)
Develops custom
UEBA detection rules , anomaly models, ML-based behavior patterns, and advanced hunting queries (KQL).
Builds and maintains analytics content, data parsers, normalization rules, and entity behavior profiles.
Evaluates behavioral anomalies and collaborates with cybersecurity teams to fine‑tune detection logic.
3. SIEM Content Development & Platform Engineering (15%)
Designs and implements custom data connectors, ingestion pipelines, and data transformation logic.
Creates dashboards, workbooks, hunting queries, and detection‑as‑code assets.
Performs platform tuning to improve performance, reduce noise, and align to MITRE ATT&CK and Zero Trust principles.
4. Application Development & Integration (10%)
Develops supporting code modules, scripts, microservices, and helper APIs using Python, PowerShell, .NET, or similar languages.
Works with DevOps pipelines, CI/CD processes, version control, and infrastructure‑as‑code where applicable.
5. Documentation, Collaboration & Support (5%)
Writes technical design documents, SOPs, architecture diagrams, and automation runbooks.
Collaborates with DSHS, HHSC CISO Office, and cross‑functional stakeholders on requirements, testing, and deployment.
Provides Tier III support for Sentinel engineering issues and participates in after‑action reviews when needed.
Knowledge, Skills, and Abilities (KSAs) Knowledge of:
Microsoft Sentinel architecture, SOAR, and UEBA capabilities.
Azure cloud services, Logic Apps, Azure Functions, Event Hubs, Key Vault, and Azure AD.
Security operations processes (triage, threat detection, incident response, threat modeling).
MITRE ATT&CK, NIST CSF, Zero Trust Architecture concepts.
Programming and scripting languages (Python, PowerShell, KQL, C#, JavaScript, or equivalent).
CI/CD pipelines, DevOps practices, and Git‑based version control.
API integrations and JSON/YAML structures.
Skills in:
Building Logic App workflows and custom Sentinel automation playbooks.
Writing complex KQL queries for analytics, hunting, and behavioral detection.
Developing custom connectors, data maps, and parsers.
Designing and optimizing UEBA detection models.
Debugging SOAR workflows and resolving integration issues.
Communicating technical information clearly to both technical and non‑technical audiences.
Abilities to:
Work independently and take ownership of complex development tasks.
Translate security requirements into scalable technical solutions.
Analyze threat behaviors and develop meaningful detections.
Work collaboratively with cybersecurity, infrastructure, and application teams.
Manage multiple work assignments and meet deadlines.
Position will be 5 days required to be onsite. ***Subject to change per manager***
Program will only accept LOCAL ONLY candidates for this position.
Minimum Requirements
4 years actual experience required; graduation from an accredited four‑year college or university with major coursework in computer science, computer information systems, software engineering, cybersecurity, or a related field.
2 years actual experience required; two (2) years of full‑time experience in software development, cloud engineering, SIEM engineering, or cybersecurity engineering.
2 years actual experience required; two (2) years of full‑time experience in software development, cloud engineering, SIEM engineering, or cybersecurity engineering.
3 years preferred; three (3) or more years of hands‑on technical experience with Microsoft Sentinel.
1 year preferred; experience developing UEBA models, anomaly detection rules, and behavior‑based analytics.
1 year preferred; experience building Security Automation Playbooks (SOAR).
1 year preferred; Microsoft certifications such as SC‑200, AZ‑900, AZ‑104, SC‑100, SC‑300.
1 year preferred; experience integrating Sentinel with EDR, IAM, firewalls, and ticketing systems.
1 year preferred; experience with DevOps pipelines (GitHub, Azure DevOps).
1 year preferred; experience working in a government, healthcare, or regulatory environment.
References Three references are required: one for each of the following categories – Peer/Co‑worker/Supervisor, Customer End‑User/Subordinate, and Customer End‑User/Subordinate. Provide contact information including title, company name, phone number (with area code), email, and professional relationship.
#J-18808-Ljbffr
Software Developer - Solicitation# 537601537
Texas Health and Human Services Commission (HHSC)
The Software Developer performs advanced (senior-level) software development work focused on designing, building, testing, and optimizing Microsoft Sentinel capabilities for DSHS projects. This role is responsible for developing custom automation playbooks, analytics rules, behavioral models, connectors, and integrations to support SOAR and UEBA functionality. The position works under limited supervision with considerable latitude for initiative, independent judgment, and technical leadership.
Essential Job Functions (EJFs) 1. Microsoft Sentinel SOAR Development (40%)
Designs, develops, tests, and deploys
Sentinel SOAR automation playbooks
using Azure Logic Apps, Azure Functions, ARM templates, and REST APIs.
Creates automated workflows for alert enrichment, triage, response actions, notification processes, and case management.
Integrates Sentinel with third-party systems (EDR, IAM, ticketing systems, email gateways, firewalls, etc.) to automate security operations.
2. UEBA & Analytics Engineering (30%)
Develops custom
UEBA detection rules , anomaly models, ML-based behavior patterns, and advanced hunting queries (KQL).
Builds and maintains analytics content, data parsers, normalization rules, and entity behavior profiles.
Evaluates behavioral anomalies and collaborates with cybersecurity teams to fine‑tune detection logic.
3. SIEM Content Development & Platform Engineering (15%)
Designs and implements custom data connectors, ingestion pipelines, and data transformation logic.
Creates dashboards, workbooks, hunting queries, and detection‑as‑code assets.
Performs platform tuning to improve performance, reduce noise, and align to MITRE ATT&CK and Zero Trust principles.
4. Application Development & Integration (10%)
Develops supporting code modules, scripts, microservices, and helper APIs using Python, PowerShell, .NET, or similar languages.
Works with DevOps pipelines, CI/CD processes, version control, and infrastructure‑as‑code where applicable.
5. Documentation, Collaboration & Support (5%)
Writes technical design documents, SOPs, architecture diagrams, and automation runbooks.
Collaborates with DSHS, HHSC CISO Office, and cross‑functional stakeholders on requirements, testing, and deployment.
Provides Tier III support for Sentinel engineering issues and participates in after‑action reviews when needed.
Knowledge, Skills, and Abilities (KSAs) Knowledge of:
Microsoft Sentinel architecture, SOAR, and UEBA capabilities.
Azure cloud services, Logic Apps, Azure Functions, Event Hubs, Key Vault, and Azure AD.
Security operations processes (triage, threat detection, incident response, threat modeling).
MITRE ATT&CK, NIST CSF, Zero Trust Architecture concepts.
Programming and scripting languages (Python, PowerShell, KQL, C#, JavaScript, or equivalent).
CI/CD pipelines, DevOps practices, and Git‑based version control.
API integrations and JSON/YAML structures.
Skills in:
Building Logic App workflows and custom Sentinel automation playbooks.
Writing complex KQL queries for analytics, hunting, and behavioral detection.
Developing custom connectors, data maps, and parsers.
Designing and optimizing UEBA detection models.
Debugging SOAR workflows and resolving integration issues.
Communicating technical information clearly to both technical and non‑technical audiences.
Abilities to:
Work independently and take ownership of complex development tasks.
Translate security requirements into scalable technical solutions.
Analyze threat behaviors and develop meaningful detections.
Work collaboratively with cybersecurity, infrastructure, and application teams.
Manage multiple work assignments and meet deadlines.
Position will be 5 days required to be onsite. ***Subject to change per manager***
Program will only accept LOCAL ONLY candidates for this position.
Minimum Requirements
4 years actual experience required; graduation from an accredited four‑year college or university with major coursework in computer science, computer information systems, software engineering, cybersecurity, or a related field.
2 years actual experience required; two (2) years of full‑time experience in software development, cloud engineering, SIEM engineering, or cybersecurity engineering.
2 years actual experience required; two (2) years of full‑time experience in software development, cloud engineering, SIEM engineering, or cybersecurity engineering.
3 years preferred; three (3) or more years of hands‑on technical experience with Microsoft Sentinel.
1 year preferred; experience developing UEBA models, anomaly detection rules, and behavior‑based analytics.
1 year preferred; experience building Security Automation Playbooks (SOAR).
1 year preferred; Microsoft certifications such as SC‑200, AZ‑900, AZ‑104, SC‑100, SC‑300.
1 year preferred; experience integrating Sentinel with EDR, IAM, firewalls, and ticketing systems.
1 year preferred; experience with DevOps pipelines (GitHub, Azure DevOps).
1 year preferred; experience working in a government, healthcare, or regulatory environment.
References Three references are required: one for each of the following categories – Peer/Co‑worker/Supervisor, Customer End‑User/Subordinate, and Customer End‑User/Subordinate. Provide contact information including title, company name, phone number (with area code), email, and professional relationship.
#J-18808-Ljbffr