Security Architect - Consultant - SIEM Engineer for Remote Work

Syntricate Technologies Inc

Columbia, SC(remote)

JOB DETAILS
SKILLS
Administrative Skills, Analysis Skills, Automation, Bash Scripting, CISSP - Certified Information Systems Security Professional, Case Management, Change Control, Cloud Computing, CompTIA Security+, Computer Security, Cost Control, Data Management, Data Modeling, Data Recovery, Documentation, Enterprise Architecture, Enterprise Protection, GIAC - Global Information Assurance Certification, High Availability, Hunting, Identify Issues, Incident Response, Industry Standards, Information Technology & Information Systems, Internet Security, Knowledge Transfer, Linux Operating System, Maintain Compliance, Metrics, Microsoft Windows Operating System, Network Access Control (NAC), On Call, Onboarding, Operational Support, Performance Tuning/Optimization, Python Programming/Scripting Language, Regulatory Compliance, Regulatory Requirements, Reporting Dashboards, Risk, Scripting (Scripting Languages), Security Architecture, Security Consulting, Security Information and Event Management (SIEM), Security Infrastructure, Software as a Service (SaaS), Standard Operating Procedures (SOP), Systems Administration/Management, Technical Support, Technical Writing, Telemetry, Test Plan/Schedule, Testing, Use Cases, Work From Home
LOCATION
Columbia, SC
POSTED
1 day ago
 Requisition Name:   Security Architect - Consultant - SIEM Engineer
Work Address –  Remote Work - 100% Remote. Preference will be given to local candidates who can come to the office as needed for client and departmental meetings, trainings, and other onsite activities.).
Duration of the Contract: 12 Months
Possibility for Extension: Yes
 
 
Security Architect - Consultant – SIEM Engineer
 
Daily Duties and Responsibilities
 
  1. This position is 100% remote and participates in a monthly on-call rotation supporting a 24x7 Security Operations Center serving multiple state agencies. Additional after-hours work may be required as needed.
  2. Enterprise SIEM and XDR
  3. Primarily assist in the planning, design, deployment, administration, and operational support of enterprise SIEM and XDR capabilities, including:
  4. Palo Alto Cortex XSIAM and Cortex XDR platform engineering, configuration, optimization, and troubleshooting
  5. Multi-tenant agency onboarding, tenant-specific configuration, role-based access, data segregation, dashboards, and reporting
  6. Detection engineering, correlation rules, analytics, threat-hunting queries, watchlists, suppression logic, and false-positive reduction
  7. Log Management and Security Data Pipelines
  8. Secondarily assist in the planning, design, deployment, and operational support of log management and security data pipelines, including:
  9. Cribl data modeling, log pipeline design, routing, parsing, normalization, enrichment, filtering, replay, and ingestion
  10. Onboarding and health monitoring of cloud, endpoint, network, identity, SaaS, and custom application telemetry
  11. Log volume, retention, performance, and cost optimization while maintaining security and compliance requirements
  12. Integrations with ticketing, case management, notification, identity, threat intelligence, and other enterprise systems as needed

    Additional Responsibilities
  13. Develop, test, deploy, and maintain automated response workflows and playbooks for enrichment, triage, containment, escalation, notifications, case management, and incident response.
  14. Create and maintain operational runbooks, standard operating procedures, escalation matrices, troubleshooting guides, architecture diagrams, data-flow documentation, use-case catalogs, and analyst knowledge articles.
  15. Support Tier 1 through Tier 3 SOC analysts and incident responders through platform troubleshooting, detection tuning, threat hunting, technical escalation, knowledge transfer, and shift handoffs.
  16. Monitor and report on ingestion health, platform availability, alert volumes, detection coverage, false positives, service levels, mean time to detect, mean time to respond, and tenant-specific operational metrics.
  17. Ensure high availability, resilience, backup, recovery, lifecycle management, and controlled change processes for SIEM, XDR, and supporting log pipeline services.
  18. Collaborate with security architects, engineers, analysts, and agency stakeholders to align solutions with business goals, industry-standard frameworks, regulatory requirements, and organizational risk tolerance.
 
Required Skills (Ranked in Order of Importance)
  1. Hands-on Palo Alto Cortex XSIAM and Cortex XDR design, implementation, administration, and operational support.
  2. Experience engineering and supporting SIEM capabilities for multi-tenant environments and 24x7 Security Operations Center operations.
  3. Experience developing and tuning detections, correlation rules, analytics, threat-hunting queries, dashboards, reporting, and alert suppression logic.
  4. Strong experience creating and managing complex playbooks.
  5. Cribl data modeling, log pipeline design, parsing, normalization, enrichment, routing, and ingestion.
  6. Experience developing automation, integrations, playbooks, and response workflows using scripting languages such as Python and Bash.
  7. Experience onboarding and troubleshooting telemetry from cloud, endpoint, network, identity, SaaS, Linux, Windows, and custom application sources.
  8. Strong understanding of enterprise security architecture, incident response, networking, access control, secure system design, and industry-standard cybersecurity frameworks.
 
Preferred Skills (Ranked in Order of Importance)
  1. Hands-on experience operating Cortex XSIAM and Cortex XDR in a large, multi-tenant environment.
  2. Hands-on Cribl administration, data modeling, and log pipeline optimization experience.
  3. Experience supporting Tier 1 through Tier 3 SOC analysts, threat hunting, incident response, and 24x7 operational handoffs.
  4. Familiarity with industry-standard security and compliance frameworks and experience developing playbooks, runbooks, procedures, and technical documentation.
 
Required Education and Certifications
  1. Bachelor's degree in an Information Technology or Information Security-related field.
  2. Eight years of relevant work experience may be substituted in lieu of education.
  3. Five years of experience supporting large IT environments and/or system deployments.
 
Preferred Education and Certifications
  1. CISSP, Security+, or GIAC certification.
  2. Palo Alto Cortex, Cribl, or other relevant SIEM/security platform certification.
 

About the Company

S

Syntricate Technologies Inc