← Back to Jobs
Remote
Administrative
Security Architect - Consultant - SIEM Engineer for Remote Work
SyntricateColumbia, SC🇺🇸United StatesPosted 15 Jul 2026
Quick Overview
Work Type
Remote
Level
Mid Senior
Job Description
Requisition Name: Security Architect - Consultant - SIEM Engineer
Work Address – Remote Work - 100% Remote. Preference will be given to local candidates who can come to the office as needed for client and departmental meetings, trainings, and other onsite activities.).
Duration of the Contract: 12 Months
Possibility for Extension: Yes
Security Architect - Consultant – SIEM Engineer
Daily Duties and Responsibilities
Required Skills (Ranked in Order of Importance)
Preferred Skills (Ranked in Order of Importance)
Required Education and Certifications
Preferred Education and Certifications
Work Address – Remote Work - 100% Remote. Preference will be given to local candidates who can come to the office as needed for client and departmental meetings, trainings, and other onsite activities.).
Duration of the Contract: 12 Months
Possibility for Extension: Yes
Security Architect - Consultant – SIEM Engineer
Daily Duties and Responsibilities
- This position is 100% remote and participates in a monthly on-call rotation supporting a 24x7 Security Operations Center serving multiple state agencies. Additional after-hours work may be required as needed.
- Enterprise SIEM and XDR
- Primarily assist in the planning, design, deployment, administration, and operational support of enterprise SIEM and XDR capabilities, including:
- Palo Alto Cortex XSIAM and Cortex XDR platform engineering, configuration, optimization, and troubleshooting
- Multi-tenant agency onboarding, tenant-specific configuration, role-based access, data segregation, dashboards, and reporting
- Detection engineering, correlation rules, analytics, threat-hunting queries, watchlists, suppression logic, and false-positive reduction
- Log Management and Security Data Pipelines
- Secondarily assist in the planning, design, deployment, and operational support of log management and security data pipelines, including:
- Cribl data modeling, log pipeline design, routing, parsing, normalization, enrichment, filtering, replay, and ingestion
- Onboarding and health monitoring of cloud, endpoint, network, identity, SaaS, and custom application telemetry
- Log volume, retention, performance, and cost optimization while maintaining security and compliance requirements
- Integrations with ticketing, case management, notification, identity, threat intelligence, and other enterprise systems as needed
Additional Responsibilities - Develop, test, deploy, and maintain automated response workflows and playbooks for enrichment, triage, containment, escalation, notifications, case management, and incident response.
- Create and maintain operational runbooks, standard operating procedures, escalation matrices, troubleshooting guides, architecture diagrams, data-flow documentation, use-case catalogs, and analyst knowledge articles.
- Support Tier 1 through Tier 3 SOC analysts and incident responders through platform troubleshooting, detection tuning, threat hunting, technical escalation, knowledge transfer, and shift handoffs.
- Monitor and report on ingestion health, platform availability, alert volumes, detection coverage, false positives, service levels, mean time to detect, mean time to respond, and tenant-specific operational metrics.
- Ensure high availability, resilience, backup, recovery, lifecycle management, and controlled change processes for SIEM, XDR, and supporting log pipeline services.
- Collaborate with security architects, engineers, analysts, and agency stakeholders to align solutions with business goals, industry-standard frameworks, regulatory requirements, and organizational risk tolerance.
Required Skills (Ranked in Order of Importance)
- Hands-on Palo Alto Cortex XSIAM and Cortex XDR design, implementation, administration, and operational support.
- Experience engineering and supporting SIEM capabilities for multi-tenant environments and 24x7 Security Operations Center operations.
- Experience developing and tuning detections, correlation rules, analytics, threat-hunting queries, dashboards, reporting, and alert suppression logic.
- Strong experience creating and managing complex playbooks.
- Cribl data modeling, log pipeline design, parsing, normalization, enrichment, routing, and ingestion.
- Experience developing automation, integrations, playbooks, and response workflows using scripting languages such as Python and Bash.
- Experience onboarding and troubleshooting telemetry from cloud, endpoint, network, identity, SaaS, Linux, Windows, and custom application sources.
- Strong understanding of enterprise security architecture, incident response, networking, access control, secure system design, and industry-standard cybersecurity frameworks.
Preferred Skills (Ranked in Order of Importance)
- Hands-on experience operating Cortex XSIAM and Cortex XDR in a large, multi-tenant environment.
- Hands-on Cribl administration, data modeling, and log pipeline optimization experience.
- Experience supporting Tier 1 through Tier 3 SOC analysts, threat hunting, incident response, and 24x7 operational handoffs.
- Familiarity with industry-standard security and compliance frameworks and experience developing playbooks, runbooks, procedures, and technical documentation.
Required Education and Certifications
- Bachelor''s degree in an Information Technology or Information Security-related field.
- Eight years of relevant work experience may be substituted in lieu of education.
- Five years of experience supporting large IT environments and/or system deployments.
Preferred Education and Certifications
- CISSP, Security+, or GIAC certification.
- Palo Alto Cortex, Cribl, or other relevant SIEM/security platform certification.
Similar jobs
Vendor Security Management Specialist
StratEdge It consulting INC · Austin, United States
1 hour agoJourneyman Cyber Security Engineer (Splunk/TS) - USSOCOM EDAT Zero Trust
Kentro · Tampa, United States
2 hours agoJourneyman Cyber Security Engineer (Splunk/SIPR) - USSOCOM EDAT Zero Trust
Kentro · Tampa, United States
2 hours agoProduct Security Analyst (Mid-Senior) with Security Clearance
Boeing · Seattle, United States
3 hours ago$148.8k - $201.3k/yrSenior Splunk Cyber Security Engineer
MANTECH · Chantilly, United States
3 hours agoSAP Security Analyst
SAIC · Arlington, United States
4 hours ago$120.0k - $160k/yr