SIEM Engineer - Contract - Remote (Onsite in SC if required)

SUNSHINE ENTERPRISE USA LLC

Columbia, SC(remote)

JOB DETAILS
SKILLS
Administrative Skills, Automation, Bash Scripting, Business Model, CISSP - Certified Information Systems Security Professional, Change Control, Cloud Computing, Communication Skills, CompTIA Security+, Computer Science, Computer Security, Data Management, Data Modeling, Data Recovery, Documentation, Engineering, Enterprise Architecture, Enterprise Protection, GIAC - Global Information Assurance Certification, Hunting, Identify Issues, Identity Data Management, Incident Response, Information Technology & Information Systems, Information/Data Security (InfoSec), Internet Security, Knowledge Transfer, Linux Operating System, Metrics, Microsoft Windows Operating System, Onboarding, Operational Support, Presentation/Verbal Skills, Process Flow, Process Improvement, Project/Program Management, Python Programming/Scripting Language, Reporting Dashboards, Sales Pipeline, Security Architecture, Security Consulting, Security Information and Event Management (SIEM), Security Monitoring, Software as a Service (SaaS), Standard Operating Procedures (SOP), Telemetry, Writing Skills
LOCATION
Columbia, SC
POSTED
2 days ago

Job Title: SIEM Engineer
Location: 100% Remote. Preference will be given to local candidates who can come to the office as needed for client and departmental meetings, trainings, and other onsite activities.

Interview Process:1-2 Rounds of Virtual Interviews. In person availability for interviews preferred.
Duration: 12 Months
Employment Type:
Contract
Experience Required:
10+ Years

Candidate location: No South Carolina residency required. Open to nationwide candidates. All travel-related costs for onsite work will be the responsibility of the resource no matter the frequency of onsite work.

Project Scope:

We are seeking an experienced Security Architect Consultant – SIEM Engineer to support the Department of Administration's Division of Information Security. This role is focused on the design, implementation, administration, optimization, and operational support of Palo Alto Cortex XSIAM and Cortex XDR in a large-scale, multi-tenant enterprise security environment.

The successful candidate will work alongside enterprise security architects, engineers, and a 24x7 Security Operations Center (SOC) team to enhance SIEM, XDR, detection engineering, automation, incident response, and security monitoring capabilities across multiple state agencies. This role also provides secondary support for Cribl data pipelines, log management, and telemetry onboarding.

 

Key Responsibilities:

·        Design, implement, configure, and maintain Palo Alto Cortex XSIAM and Cortex XDR platforms.

·        Support multi-tenant SIEM environments, including tenant onboarding, role-based access, data segregation, dashboards, and reporting.

·        Develop and optimize: Detection rules, Correlation rules, Analytics, Threat hunting queries, Watchlists, Alert suppression logic

·        Design and manage Cribl log pipelines, including: Data modeling, Parsing, Normalization, Enrichment, Routing, Filtering, Replay, Log ingestion

·        Integrate telemetry from cloud, endpoint, network, identity, SaaS, Linux, Windows, and custom applications.

·        Develop and maintain automated playbooks and response workflows using Python and Bash.

·        Support incident response, threat hunting, and SOC operations.

·        Create and maintain: Runbooks, SOPs, Architecture diagrams, Data flow documentation, Knowledge articles

·        Support Tier 1–Tier 3 SOC analysts through troubleshooting, tuning, and knowledge transfer.

·        Monitor SIEM health, ingestion, availability, detection coverage, false positives, MTTD, MTTR, and operational metrics.

·        Ensure platform resilience, backup, recovery, lifecycle management, and change control.

·        Collaborate with security architects, engineers, analysts, and business stakeholders to improve enterprise security capabilities.

 

Required Skills & Experience:

  • Hands-on experience with Palo Alto Cortex XSIAM and Cortex XDR architecture, implementation, administration, and operational support.
  • Experience supporting enterprise SIEM platforms within large multi-tenant environments.
  • Experience supporting 24x7 Security Operations Centers (SOC).
  • Strong detection engineering experience including:
    • Correlation rules
    • Threat hunting
    • Analytics
    • Dashboards
    • Alert tuning
    • False-positive reduction
  • Hands-on Cribl administration including:
    • Data modeling
    • Log pipeline design
    • Parsing
    • Normalization
    • Enrichment
    • Routing
    • Ingestion
  • Experience developing automation using:
    • Python
    • Bash
  • Experience onboarding cloud, endpoint, network, identity, SaaS, Windows, Linux, and custom application telemetry.
  • Strong knowledge of:
    • Enterprise security architecture
    • Incident response
    • Secure system design
    • Networking
    • Identity & Access Management
    • Cybersecurity frameworks

 

Preferred Skills:

·        Excellent written and verbal communication skills.

·        Strong ability to create: Business Requirements Documents (BRD), Functional Requirements Documents (FRD), Use Cases, Process Documentation

·        Experience gathering requirements through stakeholder interviews, policy documents, regulations, and business rules analysis.

·        Knowledge of business modeling techniques and graphical process flow tools.

·        Ability to communicate effectively with: Executive management, Business users, Project managers, Technical teams, External stakeholders

Education
Bachelor's degree in Information Technology, Information Security, Computer Science, or related field.

Eight (8) years of relevant experience may be substituted for the degree requirement.

Minimum five (5) years supporting large enterprise IT environments or system deployments.

 

Preferred Certifications

  • CISSP
  • Security+
  • GIAC
  • Palo Alto Cortex Certification
  • Cribl Certification
  • Other relevant SIEM or cybersecurity certifications


About the Company

S

SUNSHINE ENTERPRISE USA LLC