IT - ADMIN - Security Architect - Consultant - SIEM Engineer

Talent Software Services, Inc.

Columbia, SC(remote)

JOB DETAILS
SALARY
$85–$90 Per Hour
SKILLS
Access Control, Administrative Skills, Analysis Skills, Automation, Bash Scripting, Best Practices, CISSP - Certified Information Systems Security Professional, Case Management, Change Control, Change Management, Cloud Computing, CompTIA - Computing Technology Industry Association, Computer Security, Data Management, Data Modeling, Data Recovery, Endpoint Security, Enterprise Architecture, Enterprise Protection, GIAC - Global Information Assurance Certification, High Availability, Hunting, Identify Issues, Incident Management, Incident Response, Industry Standards, Information Systems/Technology IS/IT Administration, Information Technology & Information Systems, Internet Security, Knowledge Base, Knowledge Transfer, Maintain Compliance, Metrics, On Call, Onboarding, Operational Support, Python Programming/Scripting Language, Regulatory Compliance, Reporting Dashboards, Risk, Sales Pipeline, Security Architecture, Security Consulting, Security Information and Event Management (SIEM), Service Level Agreement (SLA), Standard Operating Procedures (SOP), Team Player, Technical Writing, Telemetry, Test Plan/Schedule
LOCATION
Columbia, SC
POSTED
1 day ago

Daily Duties / Responsibilities

Work Schedule

  • 100% Remote position.
  • Participate in a monthly on-call rotation supporting a 24x7 Security Operations Center (SOC) serving multiple state agencies.
  • Provide after-hours support as needed.

SIEM & XDR Administration

  • Assist in the planning, design, deployment, administration, and operational support of enterprise SIEM and XDR platforms.
  • Engineer, configure, optimize, troubleshoot, and maintain Palo Alto Cortex XSIAM and Cortex XDR environments.
  • Perform multi-tenant agency onboarding, tenant-specific configurations, role-based access control (RBAC), data segregation, dashboards, and reporting.
  • Develop and optimize:
    • Detection rules
    • Correlation rules
    • Analytics
    • Threat hunting queries
    • Watchlists
    • Alert suppression logic
    • False positive reduction strategies

Log Management & Data Pipeline Engineering

  • Assist in planning, designing, deploying, and supporting enterprise log management solutions.
  • Design and manage Cribl data pipelines, including:
    • Data modeling
    • Log routing
    • Parsing
    • Normalization
    • Enrichment
    • Filtering
    • Replay
    • Log ingestion
  • Onboard and monitor telemetry from:
    • Cloud platforms
    • Endpoint security tools
    • Network devices
    • Identity platforms
    • SaaS applications
    • Custom applications
  • Optimize log volume, retention, performance, and cost while ensuring security and compliance.

Automation & Integration

  • Develop, test, deploy, and maintain automated response workflows and playbooks.
  • Build automation for:
    • Alert enrichment
    • Incident triage
    • Containment
    • Escalation
    • Notifications
    • Case management
    • Incident response
  • Integrate SIEM/XDR platforms with:
    • Ticketing systems
    • Case management platforms
    • Identity solutions
    • Threat intelligence platforms
    • Notification systems
    • Enterprise security tools

Documentation

  • Create and maintain:
    • Operational runbooks
    • Standard Operating Procedures (SOPs)
    • Escalation matrices
    • Troubleshooting guides
    • Architecture diagrams
    • Data flow documentation
    • Security use-case catalogs
    • Analyst knowledge base articles

SOC Support

  • Support Tier 1, Tier 2, and Tier 3 SOC Analysts and Incident Responders.
  • Assist with:
    • Platform troubleshooting
    • Detection tuning
    • Threat hunting
    • Technical escalations
    • Knowledge transfer
    • Shift handoffs

Monitoring & Reporting

  • Monitor and report:
    • Log ingestion health
    • Platform availability
    • Alert volumes
    • Detection coverage
    • False positives
    • Service Level Agreements (SLAs)
    • Mean Time to Detect (MTTD)
    • Mean Time to Respond (MTTR)
    • Tenant-specific operational metrics

Platform Operations

  • Ensure:
    • High availability
    • Platform resilience
    • Backup and recovery
    • Lifecycle management
    • Controlled change management
    • Operational stability of SIEM, XDR, and log pipeline services

Collaboration

  • Work closely with:
    • Security Architects
    • Security Engineers
    • SOC Analysts
    • Incident Responders
    • Agency stakeholders
  • Align security solutions with:
    • Business objectives
    • Cybersecurity best practices
    • Regulatory compliance
    • Industry security frameworks
    • Organizational risk tolerance

Required Skills (Ranked by Importance)

  • Hands-on experience with Palo Alto Cortex XSIAM and Cortex XDR design, implementation, administration, and operational support.
  • Experience engineering and supporting SIEM platforms in multi-tenant environments and 24x7 Security Operations Centers (SOC).
  • Strong experience developing and tuning:
    • Detection rules
    • Correlation rules
    • Analytics
    • Threat hunting queries
    • Dashboards
    • Reporting
    • Alert suppression logic
  • Strong experience designing and managing complex automation playbooks.
  • Hands-on experience with Cribl:
    • Data modeling
    • Log pipeline design
    • Parsing
    • Normalization
    • Enrichment
    • Routing
    • Log ingestion
  • Experience developing automation, integrations, and response workflows using:
    • Python
    • Bash
  • Experience onboarding and troubleshooting telemetry from:
    • Cloud environments
    • Endpoint platforms
    • Network devices
    • Identity systems
    • SaaS applications
    • Linux
    • Windows
    • Custom applications
  • Strong understanding of:
    • Enterprise security architecture
    • Incident response
    • Networking
    • Access control
    • Secure system design
    • Cybersecurity frameworks

Preferred Skills

  • Hands-on experience managing Cortex XSIAM and Cortex XDR in large-scale multi-tenant environments.
  • Strong experience with Cribl Administration, data modeling, and log pipeline optimization.
  • Experience supporting Tier 1–Tier 3 SOC operations, threat hunting, incident response, and 24x7 operational handoffs.
  • Experience developing:
    • Playbooks
    • Runbooks
    • Standard Operating Procedures (SOPs)
    • Technical documentation
  • Familiarity with industry-standard security and compliance frameworks.

Required Education / Certifications

  • Bachelor's degree in Information Technology, Information Security, or a related field.
  • Eight (8) years of relevant work experience may be substituted in lieu of a bachelor's degree.
  • Minimum five (5) years of experience supporting large enterprise IT environments and/or system deployments.

Preferred Certifications

  • CISSP (Certified Information Systems Security Professional)
  • CompTIA Security
  • GIAC Certification
  • Palo Alto Cortex Certification
  • Cribl Certification
  • Other relevant SIEM or cybersecurity platform certifications.

Join our team in Columbia, SC, where you can enjoy the flexibility of a remote role while supporting a dynamic and critical 24x7 Security Operations Center. Be part of an innovative environment that values collaboration and expertise in cybersecurity.

About the Company

T

Talent Software Services, Inc.