Microsoft Agentic Security Engineer

Senior Level | 5–8 Years Experience | Remote (Offshore) | Project-Based Contract

Role Overview: We are looking for a senior engineer to design, build and deploy autonomous security agents on the Microsoft stack. You will automate security operations across SOC, vulnerability management and attack-surface use cases — turning security requirements into working agents that gather information, reason over it, act, and hand off cleanly.

Key Responsibilities

• Design, build and deploy autonomous security agents using Microsoft Security Copilot and Azure AI Foundry Agent Service
• Build with the Microsoft Sentinel MCP (Model Context Protocol) server and develop custom MCP tools and servers for security use cases
• Engineer detection content in KQL across Microsoft Sentinel and Defender XDR
• Build response automation and SOAR playbooks using Logic Apps and Sentinel automation rules
• Build autonomous SOC triage agents that classify alerts as true or false positive, enrich entities and assign the right owner
• Build agents for vulnerability management and attack-surface reduction including asset discovery, noise reduction and rule-based notifications
• Join client calls to gather requirements, discuss technical design and support deployment
  
  
  

Essential Skills

• Microsoft Sentinel and KQL
• Microsoft Defender XDR
• Microsoft Security Copilot
• Azure AI Foundry Agent Service
• Model Context Protocol (MCP) including building custom tools or servers
• Logic Apps and security automation (SOAR)
• Python and PowerShell
• Strong communication skills in client-facing settings
  
  
  

Desirable Skills

• Microsoft Agent Framework or Semantic Kernel
• Microsoft Entra and Purview
• Experience with autonomous SOC or AI SOC tooling
• Retrieval-augmented generation (RAG) and prompt or guardrail design
  
  
  

Certifications

• Essential: SC-200 (Security Operations Analyst) or equivalent hands-on
• experience
• Desirable: AI-102 / AI-103, SC-100, AZ-104
  
  
  

How You Will Work

This is a project-based engagement delivered primarily offshore. You will report to senior leadership. You are a builder first, but must be comfortable joining client calls to gather requirements, discuss technical design and support deployment. A portfolio of production agents, automations or detection content carries more weight than certifications alone.