Security Architect - Consultant (Detection Engineer) - Fully REMOTE/Onsite

Daily Duties/ Responsibilities:

• Review andtune current detection rules within the State SIEM.
• Perform Gap analysis of the currentdetection coverage.
• Develop detection rules/solutions to coverfound Gaps.
• monitor threatintelligence sources for new use cases.
• Work withState SOC analysts to create andtune rules.
• Work withthe State ThreatHunter to identify and remediate detection coverage gaps.
• Document processes, runbooks, and troubleshooting steps related to the SOAR and integrations.
• Coordinate withengineering, SOC, and agency staff as needed to meetgoals.
• Other dutiesas needed.

Additional skillsand duties:

• Proven experience with detection tuning/development..
• Experience with dashboard creation and reporting.

Preferred Skills(rank in orderof Importance):

• Experience with the PaloAlto Cortex XSIAM platform.
• Deep understanding of Windows/Linux artifacts.

• Excellent communication and customer service skillsfor agency- facing engagement.
• Experience in working in multi- tenancy environment
• Experience in multi-agency or enterprise service projects.

Required Education/Certifications:

• BACHELOR'S DEGREE IN AN INFORMATION TECHNOLOGY OR INFORMATION SECURITY RELATED FIELD
• EIGHT YEARS OF RELEVANT WORK EXPERIENCE MAY BE SUBSTITUTED IN LIEU OF EDUCATION
• FIVE YEARS OF EXPERIENCE IN SUPPORTING LARGE IT ENVIRONMENTS AND/OR SYSTEM DEPLOYMENTS
• 5+ years of Strong scripting and automation skills (Python, Bash, PowerShell, or similar).
• Understanding of Sigma, YARA,and other industry standard detection languages.
• Familiarity withMITRE ATT&CK framework

Preferred Education/Certifications:

• CISSP, CISA, CISO or equivalent advanced security certification.
• Additional relevant certifications (e.g., CEH, OSCP, GPEN).
• VENDOR CERTIFICATIONS IN DETECTION ENGINEERING.
• Resource is local to Columbia, South Carolina or a surrounding city in South Carolina