Security Architect Consultant (SIEM Engineer)

InterSources Inc.

Columbia, SC(remote)

JOB DETAILS
SKILLS
Access Control, Administrative Skills, Analysis Skills, Application Programming Interface (API), Artificial Intelligence (AI), Automation, Bash Scripting, CISSP - Certified Information Systems Security Professional, Case Management, Change Control, Cloud Applications, Cloud Computing, CompTIA Security+, Computer Science, Computer Security, Consulting, Cross-Functional, Data Administration, Data Analysis, Data Modeling, Data Recovery, Documentation, ERP (Enterprise Resource Planning), Enterprise Architecture, Enterprise Protection, GIAC - Global Information Assurance Certification, Government, High Availability, Hunting, ISO (International Organization for Standardization), Identify Issues, Incident Response, Industry Standards, Information Technology & Information Systems, Information Technology Consulting, Information/Data Security (InfoSec), International Electro-Technical Commission (IEC), Internet Security, Knowledge Transfer, Linux Operating System, Maintain Compliance, Microsoft Windows Operating System, Network Access Control (NAC), On Call, Onboarding, Online Marketing, Operational Strategy, Operational Support, Oracle, Performance Tuning/Optimization, Python Programming/Scripting Language, Quality Assurance, Regulatory Compliance, Regulatory Requirements, Reporting Dashboards, Risk, Sales Pipeline, Scripting (Scripting Languages), Security Architecture, Security Consulting, Security Design, Security Information and Event Management (SIEM), Security Infrastructure, Security Monitoring, Software Development, Software as a Service (SaaS), Standard Operating Procedures (SOP), Strategic Planning, System Integration (SI), Team Player, Technical Support, Technical Writing, Telemetry, Test Plan/Schedule, Testing, Use Cases, User Experience Design (UXD), User Interface Design, Web Programming
LOCATION
Columbia, SC(remote)
POSTED
1 day ago
Title: Security Architect – Consultant (SIEM Engineer) – (12751)
Location: Columbia, SC 29210100% Remote
Candidate Location: Open to nationwide candidates; South Carolina residency is not required (Preference will be given to local candidates who can come to the office as needed for client and departmental meetings, trainings, and other onsite activities.)
Contract Duration: 12 Months
Interview Process: 1–2 virtual interview rounds; candidates available for an in-person interview are preferred


Position Overview: The selected consultant will design, implement, administer, maintain, and optimize Palo Alto Cortex XSIAM and Cortex XDR solutions across large-scale, multi-tenant security environments. The consultant will work closely with enterprise security architects, engineers, incident responders, and Tier 1 through Tier 3 SOC analysts supporting multiple state agencies.
The primary focus of this role is Cortex XSIAM and Cortex XDR engineering, detection content, automation, administration, and operational support. The consultant will also provide secondary support for Cribl data modeling, security log pipeline engineering, parsing, normalization, enrichment, routing, and ingestion.
This position is fully remote and participates in a monthly on-call rotation supporting a 24x7 Security Operations Center. After-hours maintenance, incident escalation support, and operational handoffs may be required.
Key Responsibilities
  • Design, deploy, configure, administer, optimize, and troubleshoot Palo Alto Cortex XSIAM and Cortex XDR platforms.
  • Engineer and support enterprise SIEM and XDR capabilities within large-scale, multi-tenant security environments.
  • Support agency onboarding, tenant-specific configuration, role-based access control, data segregation, dashboards, and reporting.
  • Develop, test, tune, and maintain detections, correlation rules, analytics, threat-hunting queries, watchlists, and alert suppression logic.
  • Reduce false positives while improving detection coverage, accuracy, and operational effectiveness.
  • Create, manage, and optimize complex automated response workflows and security playbooks.
  • Develop automation and integrations using Python, Bash, APIs, and other scripting technologies.
  • Design and administer Cribl data models and security log pipelines.
  • Perform log parsing, normalization, enrichment, filtering, routing, replay, transformation, and ingestion.
  • Onboard and troubleshoot telemetry from cloud platforms, endpoints, networks, identity systems, SaaS applications, Linux, Windows, and custom applications.
  • Monitor ingestion health, platform availability, alert volumes, false positives, detection coverage, service levels, and tenant-specific operational metrics.
  • Optimize log volumes, retention, platform performance, and data-ingestion costs while maintaining security and compliance requirements.
  • Integrate SIEM and XDR platforms with ticketing, case-management, notification, identity, threat-intelligence, and enterprise systems.
  • Develop automated workflows for enrichment, triage, containment, escalation, notification, case management, and incident response.
  • Support Tier 1 through Tier 3 SOC analysts through platform troubleshooting, detection tuning, threat hunting, technical escalation, knowledge transfer, and shift handoffs.
  • Create and maintain runbooks, standard operating procedures, escalation matrices, troubleshooting guides, architecture diagrams, data-flow documentation, use-case catalogs, and analyst knowledge articles.
  • Ensure high availability, resiliency, backup, recovery, lifecycle management, and controlled change processes for SIEM, XDR, and supporting log pipeline services.
  • Collaborate with security architects, engineers, analysts, and agency stakeholders to align solutions with business requirements, regulatory standards, cybersecurity frameworks, and organizational risk tolerance.
  • Participate in a monthly on-call rotation supporting a 24x7 SOC and provide after-hours maintenance or incident support as required.
Required Skills
  • Bachelor's degree in Information Technology, Information Security, Cybersecurity, Computer Science, or a related field.
  • Eight or more years of relevant professional experience may be substituted in place of the degree requirement.
  • Five or more years of experience supporting large IT environments and/or enterprise system deployments.
  • Hands-on experience with Palo Alto Cortex XSIAM and Cortex XDR design, implementation, administration, configuration, optimization, troubleshooting, and operational support.
  • Experience engineering and supporting SIEM capabilities in large-scale, multi-tenant environments.
  • Experience supporting 24x7 Security Operations Center operations.
  • Experience developing and tuning detections, correlation rules, analytics, threat-hunting queries, dashboards, reporting, watchlists, and alert suppression logic.
  • Strong experience creating, maintaining, and managing complex security playbooks.
  • Hands-on experience with Cribl data modeling and security log pipeline design.
  • Experience with log parsing, normalization, enrichment, filtering, routing, replay, and ingestion.
  • Experience developing automation, integrations, response workflows, and playbooks using Python and Bash.
  • Experience onboarding, integrating, and troubleshooting telemetry from cloud, endpoint, network, identity, SaaS, Linux, Windows, and custom application sources.
  • Strong understanding of enterprise security architecture, incident response, networking, access control, secure system design, and cybersecurity frameworks.
  • Ability to support strategic planning, solution design, implementation, troubleshooting, performance optimization, and continuous security improvement.
  • Strong technical documentation, troubleshooting, communication, and cross-functional collaboration skills.
Preferred Skills
  • Hands-on experience operating Cortex XSIAM and Cortex XDR in a large, multi-tenant enterprise environment.
  • Hands-on Cribl administration, data modeling, pipeline development, and log pipeline optimization experience.
  • Experience supporting Tier 1, Tier 2, and Tier 3 SOC analysts.
  • Experience with threat hunting, incident response, operational escalation, and 24x7 shift handoffs.
  • Experience developing security playbooks, runbooks, procedures, escalation matrices, and technical documentation.
  • Familiarity with industry-standard security and compliance frameworks.
  • CISSP, CompTIA Security+, GIAC, or a comparable security certification.
  • Palo Alto Cortex, Cribl, SIEM, XDR, or another relevant security-platform certification.
  • Previous experience supporting government, regulated, or large enterprise security environments.
About Us:
InterSources Inc , is a Small, Woman, and Minority-Owned Business Enterprise, ISO/IEC 27001, SOC 2 Type 2 certified company with massive 18+ years of diversified experience in providing IT Consulting Services, Artificial Intelligence, Data Analysis, Application Development, Cloud Services, Cybersecurity, Digital Marketing, ERP Management, Custom Software Development, Web Development, UI/ UX Design, System Integration, QA Support etc. We make reasonable accommodations for clients and employees, and we do not discriminate based on any protected attribute including race, religion, color, national origin, gender sexual orientation, gender identity, age, or marital status. We also are a Google Cloud and Oracle partner company.

About the Company

I

InterSources Inc.

It’s all about harnessing the real power of data. InterSources Inc was founded in 2007 providing intelligent data solutions to clients across industries and geographies.

Over the years, we have built products on Business Intelligence & Big Data platform simplifying and transforming the way business intelligence and real-time data analytics empower Corporations and end-users using Softwares like Tableau, Business Objects, MicroStrategy, etc.

In the process, we have enabled companies to use data analytics to help better understand, predict and influence consumer behavior, identify new market opportunities as they emerge, provide to users the data they need, alert the user when and why key business metrics have changed and enable them to make smart decisions.

COMPANY SIZE
100 to 499 employees
INDUSTRY
Computer/IT Services
FOUNDED
2007
WEBSITE
https://www.intersourcesinc.com/