Job Title: SIEM Engineer
Location: 100% Remote. Preference will be given to local candidates who can come to the office as needed for client and departmental meetings, trainings, and other onsite activities.
Interview Process:1-2 Rounds of Virtual Interviews. In person availability for interviews preferred.
Duration: 12 Months
Employment Type: Contract
Experience Required: 10+ Years
Project Scope:
We are seeking an experienced Security Architect Consultant – SIEM Engineer to support the Department of Administration's Division of Information Security. This role is focused on the design, implementation, administration, optimization, and operational support of Palo Alto Cortex XSIAM and Cortex XDR in a large-scale, multi-tenant enterprise security environment.
The successful candidate will work alongside enterprise security architects, engineers, and a 24x7 Security Operations Center (SOC) team to enhance SIEM, XDR, detection engineering, automation, incident response, and security monitoring capabilities across multiple state agencies. This role also provides secondary support for Cribl data pipelines, log management, and telemetry onboarding.
Key Responsibilities:
· Design, implement, configure, and maintain Palo Alto Cortex XSIAM and Cortex XDR platforms.
· Support multi-tenant SIEM environments, including tenant onboarding, role-based access, data segregation, dashboards, and reporting.
· Develop and optimize: Detection rules, Correlation rules, Analytics, Threat hunting queries, Watchlists, Alert suppression logic
· Design and manage Cribl log pipelines, including: Data modeling, Parsing, Normalization, Enrichment, Routing, Filtering, Replay, Log ingestion
· Integrate telemetry from cloud, endpoint, network, identity, SaaS, Linux, Windows, and custom applications.
· Develop and maintain automated playbooks and response workflows using Python and Bash.
· Support incident response, threat hunting, and SOC operations.
· Create and maintain: Runbooks, SOPs, Architecture diagrams, Data flow documentation, Knowledge articles
· Support Tier 1–Tier 3 SOC analysts through troubleshooting, tuning, and knowledge transfer.
· Monitor SIEM health, ingestion, availability, detection coverage, false positives, MTTD, MTTR, and operational metrics.
· Ensure platform resilience, backup, recovery, lifecycle management, and change control.
· Collaborate with security architects, engineers, analysts, and business stakeholders to improve enterprise security capabilities.
Required Skills & Experience:
Preferred Skills:
· Excellent written and verbal communication skills.
· Strong ability to create: Business Requirements Documents (BRD), Functional Requirements Documents (FRD), Use Cases, Process Documentation
· Experience gathering requirements through stakeholder interviews, policy documents, regulations, and business rules analysis.
· Knowledge of business modeling techniques and graphical process flow tools.
· Ability to communicate effectively with: Executive management, Business users, Project managers, Technical teams, External stakeholders
Education
Bachelor's degree in Information Technology, Information Security, Computer Science, or related field.
Eight (8) years of relevant experience may be substituted for the degree requirement.
Minimum five (5) years supporting large enterprise IT environments or system deployments.
Preferred Certifications