← Back to Jobs
Remote
Administrative
Remote Security Architect - Consultant - SIEM Engineer
TECHNOCRAFT SOLUTIONSSC🇺🇸United StatesPosted 15 Jul 2026
Why This Role Stands Out
This remote Security Architect role offers a fantastic opportunity to significantly impact a large-scale security environment, with excellent potential for contract extension and professional growth. You'll thrive here if you have extensive experience with Palo Alto Cortex XSIAM and XDR, enjoy complex engineering challenges, and are eager to collaborate with a dedicated enterprise security team. Apply today to leverage your SIEM expertise in this exciting, nationwide remote position.
Quick Overview
Work Type
Remote
Level
Mid Senior
Job Description
Remote Security Architect - Consultant - SIEM Engineer
12+ Months
Columbia, SC 29210
12+ Months
Columbia, SC 29210
The State of South Carolina is looking for a Security Architect - Consultant (SIEM Engineer)
Why is this position open: New Position to assist the Division of Information Security (DIS).
Interview Process: 1-2 Rounds of Virtual Interviews. In person availability for interviews preferred.
Duration of the Contract: 12 Months
Possibility for Extension: Yes
Work Location: Role is 100% Remote. Preference will be given to local candidates who can come to the office as needed for client and departmental meetings, trainings, and other onsite activities.
Candidate location: No South Carolina residency required. Open to nationwide candidates. All travel-related costs for onsite work will be the responsibility of the resource no matter the frequency of onsite work.
Full job description attached and required and preferred skills are listed below.
Why is this position open: New Position to assist the Division of Information Security (DIS).
Interview Process: 1-2 Rounds of Virtual Interviews. In person availability for interviews preferred.
Duration of the Contract: 12 Months
Possibility for Extension: Yes
Work Location: Role is 100% Remote. Preference will be given to local candidates who can come to the office as needed for client and departmental meetings, trainings, and other onsite activities.
Candidate location: No South Carolina residency required. Open to nationwide candidates. All travel-related costs for onsite work will be the responsibility of the resource no matter the frequency of onsite work.
Full job description attached and required and preferred skills are listed below.
SCOPE: THIS POSITION WILL SERVE AS A SIEM ENGINEER WITHIN THE DEPARTMENT OF ADMINISTRATION'S DIVISION OF INFORMATION SECURITY. THE SUCCESSFUL CANDIDATE WILL SHOW EXTENSIVE EXPERIENCE SUCCESSFULLY DESIGNING, IMPLEMENTING, MAINTAINING AND OPTIMIZING PALO ALTO CORTEX XSIAM AND CORTEX XDR IN LARGE-SCALE, MULTI-TENANT SECURITY ENVIRONMENTS. THIS CONTRACTOR WILL WORK WITH A LARGE ENTERPRISE SECURITY TEAM AND A 24X7 SECURITY OPERATIONS CENTER (SOC), ASSISTING FULL-TIME SECURITY ARCHITECTS, ENGINEERS AND ANALYSTS WITH THE DESIGN, IMPLEMENTATION, INTEGRATION AND CONTINUOUS IMPROVEMENT OF SIEM, XDR, DETECTION AND RESPONSE CAPABILITIES SUPPORTING MULTIPLE STATE AGENCIES.
SUCCESSFUL CANDIDATE: THIS CONTRACTOR WILL BE PRIMARILY FOCUSED ON CORTEX XSIAM AND CORTEX XDR ENGINEERING, ADMINISTRATION, DETECTION CONTENT, AUTOMATION AND OPERATIONAL SUPPORT WHILE ALSO PROVIDING IMPORTANT SECONDARY SUPPORT FOR CRIBL DATA MODELING, LOG PIPELINE DESIGN, PARSING, NORMALIZATION, ENRICHMENT AND INGESTION. THE ROLE REQUIRES HANDS-ON EXPERIENCE SUPPORTING BOTH SECURITY ENGINEERING AND SOC OPERATIONS, INCLUDING MULTI-TENANT ONBOARDING, TENANT-SPECIFIC CONFIGURATIONS, ACCESS CONTROLS, DATA SEPARATION, INTEGRATIONS, DASHBOARDS, REPORTING, INCIDENT RESPONSE, THREAT HUNTING, PLAYBOOKS, RUNBOOKS, STANDARD OPERATING PROCEDURES AND ANALYST ENABLEMENT. THE CANDIDATE MUST BE ABLE TO SUPPORT STRATEGIC PLANNING, SOLUTION DESIGN, IMPLEMENTATION, TROUBLESHOOTING, PERFORMANCE OPTIMIZATION AND CONTINUOUS IMPROVEMENT OF SECURE SYSTEMS AND SERVICES.
MANDATORY SCREENING REQUIREMENTS: THESE REQUIREMENTS ARE STRICTLY ENFORCED AND NON-NEGOTIABLE. NO EXCEPTIONS CAN BE GRANTED. CANDIDATES WHO CANNOT PASS THESE REQUIREMENTS WILL NOT BE ELIGIBLE FOR HIRE. ALL APPLICANTS MUST SUCCESSFULLY PASS A FULL CREDIT CHECK AND CRIMINAL BACKGROUND CHECK DURING THE INITIAL HIRING PROCESS. ONCE ONBOARD, THEY MUST OBTAIN AND RETAIN ANNUAL CJIS CERTIFICATION AS PART OF THE ONGOING EMPLOYMENT PROCESS.
OTHER: THIS POSITION IS 100% REMOTE AND WILL PARTICIPATE IN A MONTHLY ON-CALL ROTATION SUPPORTING THE 24X7 SOC. AFTER-HOURS MAINTENANCE, INCIDENT ESCALATION SUPPORT AND OPERATIONAL HANDOFFS MAY BE REQUIRED AS NEEDED.
POSITION TITLE: SECURITY ARCHITECT - CONSULTANT SIEM ENGINEER
PRE-EMPLOYMENT CHECKS: MANDATORY SCREENING REQUIREMENTS: THESE REQUIREMENTS ARE STRICTLY ENFORCED AND NON-NEGOTIABLE. NO EXCEPTIONS CAN BE GRANTED. CANDIDATES WHO CANNOT PASS THESE REQUIREMENTS WILL NOT BE ELIGIBLE FOR HIRE. ALL APPLICANTS MUST SUCCESSFULLY PASS A FULL CREDIT CHECK AND CRIMINAL BACKGROUND CHECK DURING THE INITIAL HIRING PROCESS. ONCE ONBOARD, THEY MUST OBTAIN AND RETAIN ANNUAL CJIS CERTIFICATION AS PART OF THE ONGOING EMPLOYMENT PROCESS.
PRE-EMPLOYMENT CHECKS: MANDATORY SCREENING REQUIREMENTS: THESE REQUIREMENTS ARE STRICTLY ENFORCED AND NON-NEGOTIABLE. NO EXCEPTIONS CAN BE GRANTED. CANDIDATES WHO CANNOT PASS THESE REQUIREMENTS WILL NOT BE ELIGIBLE FOR HIRE. ALL APPLICANTS MUST SUCCESSFULLY PASS A FULL CREDIT CHECK AND CRIMINAL BACKGROUND CHECK DURING THE INITIAL HIRING PROCESS. ONCE ONBOARD, THEY MUST OBTAIN AND RETAIN ANNUAL CJIS CERTIFICATION AS PART OF THE ONGOING EMPLOYMENT PROCESS.
7 YEAR STANDARD BACKGROUND CHECK & CREDIT HISTORY CHECK
DRIVING RECORD (MVR)
10-PANEL DRUG SCREEN
E-VERIFY
SLED CHECK
DRIVING RECORD (MVR)
10-PANEL DRUG SCREEN
E-VERIFY
SLED CHECK
DAILY DUTIES / RESPONSIBILITIES:
THIS POSITION IS 100% REMOTE AND WILL PARTICIPATE IN A MONTHLY ON-CALL ROTATION SUPPORTING A 24X7 SECURITY OPERATIONS CENTER SERVING MULTIPLE STATE AGENCIES. OTHER AFTER-HOURS WORK MAY BE REQUIRED AS NEEDED.
THIS POSITION IS 100% REMOTE AND WILL PARTICIPATE IN A MONTHLY ON-CALL ROTATION SUPPORTING A 24X7 SECURITY OPERATIONS CENTER SERVING MULTIPLE STATE AGENCIES. OTHER AFTER-HOURS WORK MAY BE REQUIRED AS NEEDED.
PRIMARILY ASSIST IN THE PLANNING, DESIGN, DEPLOYMENT, ADMINISTRATION AND OPERATIONAL SUPPORT OF ENTERPRISE SIEM AND XDR CAPABILITIES, INCLUDING:
PALO ALTO CORTEX XSIAM AND CORTEX XDR PLATFORM ENGINEERING, CONFIGURATION, OPTIMIZATION AND TROUBLESHOOTING
MULTI-TENANT AGENCY ONBOARDING, TENANT-SPECIFIC CONFIGURATION, ROLE-BASED ACCESS, DATA SEGREGATION, DASHBOARDS AND REPORTING
DETECTION ENGINEERING, CORRELATION RULES, ANALYTICS, THREAT-HUNTING QUERIES, WATCHLISTS, SUPPRESSION LOGIC AND FALSE-POSITIVE REDUCTION
PALO ALTO CORTEX XSIAM AND CORTEX XDR PLATFORM ENGINEERING, CONFIGURATION, OPTIMIZATION AND TROUBLESHOOTING
MULTI-TENANT AGENCY ONBOARDING, TENANT-SPECIFIC CONFIGURATION, ROLE-BASED ACCESS, DATA SEGREGATION, DASHBOARDS AND REPORTING
DETECTION ENGINEERING, CORRELATION RULES, ANALYTICS, THREAT-HUNTING QUERIES, WATCHLISTS, SUPPRESSION LOGIC AND FALSE-POSITIVE REDUCTION
SECONDARILY ASSIST IN THE PLANNING, DESIGN, DEPLOYMENT AND OPERATIONAL SUPPORT OF LOG MANAGEMENT AND SECURITY DATA PIPELINES, INCLUDING:
CRIBL DATA MODELING, LOG PIPELINE DESIGN, ROUTING, PARSING, NORMALIZATION, ENRICHMENT, FILTERING, REPLAY AND INGESTION
ONBOARDING AND HEALTH MONITORING OF CLOUD, ENDPOINT, NETWORK, IDENTITY, SAAS AND CUSTOM APPLICATION TELEMETRY
LOG VOLUME, RETENTION, PERFORMANCE AND COST OPTIMIZATION WHILE MAINTAINING SECURITY AND COMPLIANCE REQUIREMENTS
INTEGRATIONS WITH TICKETING, CASE MANAGEMENT, NOTIFICATION, IDENTITY, THREAT INTELLIGENCE AND OTHER ENTERPRISE SYSTEMS AS NEEDED
CRIBL DATA MODELING, LOG PIPELINE DESIGN, ROUTING, PARSING, NORMALIZATION, ENRICHMENT, FILTERING, REPLAY AND INGESTION
ONBOARDING AND HEALTH MONITORING OF CLOUD, ENDPOINT, NETWORK, IDENTITY, SAAS AND CUSTOM APPLICATION TELEMETRY
LOG VOLUME, RETENTION, PERFORMANCE AND COST OPTIMIZATION WHILE MAINTAINING SECURITY AND COMPLIANCE REQUIREMENTS
INTEGRATIONS WITH TICKETING, CASE MANAGEMENT, NOTIFICATION, IDENTITY, THREAT INTELLIGENCE AND OTHER ENTERPRISE SYSTEMS AS NEEDED
DEVELOP, TEST, DEPLOY AND MAINTAIN AUTOMATED RESPONSE WORKFLOWS AND PLAYBOOKS FOR ENRICHMENT, TRIAGE, CONTAINMENT, ESCALATION, NOTIFICATIONS, CASE MANAGEMENT AND INCIDENT RESPONSE.
CREATE AND MAINTAIN OPERATIONAL RUNBOOKS, STANDARD OPERATING PROCEDURES, ESCALATION MATRICES, TROUBLESHOOTING GUIDES, ARCHITECTURE DIAGRAMS, DATA-FLOW DOCUMENTATION, USE-CASE CATALOGS AND ANALYST KNOWLEDGE ARTICLES.
SUPPORT TIER 1 THROUGH TIER 3 SOC ANALYSTS AND INCIDENT RESPONDERS THROUGH PLATFORM TROUBLESHOOTING, DETECTION TUNING, THREAT HUNTING, TECHNICAL ESCALATION, KNOWLEDGE TRANSFER AND SHIFT HANDOFFS.
MONITOR AND REPORT ON INGESTION HEALTH, PLATFORM AVAILABILITY, ALERT VOLUMES, DETECTION COVERAGE, FALSE POSITIVES, SERVICE LEVELS, MEAN TIME TO DETECT, MEAN TIME TO RESPOND AND TENANT-SPECIFIC OPERATIONAL METRICS.
ENSURE HIGH AVAILABILITY, RESILIENCE, BACKUP, RECOVERY, LIFECYCLE MANAGEMENT AND CONTROLLED CHANGE PROCESSES FOR SIEM, XDR AND SUPPORTING LOG PIPELINE SERVICES.
COLLABORATE WITH SECURITY ARCHITECTS, ENGINEERS, ANALYSTS AND AGENCY STAKEHOLDERS TO ALIGN SOLUTIONS WITH BUSINESS GOALS, INDUSTRY-STANDARD FRAMEWORKS, REGULATORY REQUIREMENTS AND ORGANIZATIONAL RISK TOLERANCE.
REQUIRED SKILLS (RANK IN ORDER OF IMPORTANCE):
HANDS-ON PALO ALTO CORTEX XSIAM AND CORTEX XDR DESIGN, IMPLEMENTATION, ADMINISTRATION AND OPERATIONAL SUPPORT.
Experience engineering and supporting SIEM capabilities for multi-tenant environments and 24x7 Security Operations Center operations.
Experience developing and tuning detections, correlation rules, analytics, threat-hunting queries, dashboards, reporting and alert suppression logic.
Strong experience creating and managing complex playbooks
CRIBL DATA MODELING, LOG PIPELINE DESIGN, PARSING, NORMALIZATION, ENRICHMENT, ROUTING AND INGESTION.
Experience developing automation, integrations, playbooks and response workflows using scripting languages such as Python and Bash.
Experience engineering and supporting SIEM capabilities for multi-tenant environments and 24x7 Security Operations Center operations.
Experience developing and tuning detections, correlation rules, analytics, threat-hunting queries, dashboards, reporting and alert suppression logic.
Strong experience creating and managing complex playbooks
CRIBL DATA MODELING, LOG PIPELINE DESIGN, PARSING, NORMALIZATION, ENRICHMENT, ROUTING AND INGESTION.
Experience developing automation, integrations, playbooks and response workflows using scripting languages such as Python and Bash.
Experience onboarding and troubleshooting telemetry from cloud, endpoint, network, identity, SaaS, Linux, Windows and custom application sources.
Strong understanding of enterprise security architecture, incident response, networking, access control, secure system design and industry-standard cybersecurity frameworks.
PREFERRED SKILLS (RANK IN ORDER OF IMPORTANCE):
HANDS-ON EXPERIENCE OPERATING CORTEX XSIAM AND CORTEX XDR IN A LARGE, MULTI-TENANT ENVIRONMENT.
Hands-on Cribl administration, data modeling and log pipeline optimization experience.
Experience supporting Tier 1 through Tier 3 SOC analysts, threat hunting, incident response and 24x7 operational handoffs.
Familiarity with industry-standard security and compliance frameworks and experience developing playbooks, runbooks, procedures and technical documentation.
REQUIRED EDUCATION/CERTIFICATIONS:
BACHELOR'S DEGREE IN AN
INFORMATION TECHNOLOGY OR
INFORMATION SECURITY RELATED
FIELD
EIGHT YEARS OF RELEVANT WORK
EXPERIENCE MAY BE SUBSTITUTED IN LIEU OF EDUCATION
FIVE YEARS OF EXPERIENCE IN SUPPORTING LARGE IT ENVIRONMENTS AND/OR SYSTEM DEPLOYMENTS PREFERRED EDUCATION/CERTIFICATIONS:
CISSP, Security+ or GIAC certification
Palo Alto Cortex, Cribl or other relevant SIEM/security platform certification
Strong understanding of enterprise security architecture, incident response, networking, access control, secure system design and industry-standard cybersecurity frameworks.
PREFERRED SKILLS (RANK IN ORDER OF IMPORTANCE):
HANDS-ON EXPERIENCE OPERATING CORTEX XSIAM AND CORTEX XDR IN A LARGE, MULTI-TENANT ENVIRONMENT.
Hands-on Cribl administration, data modeling and log pipeline optimization experience.
Experience supporting Tier 1 through Tier 3 SOC analysts, threat hunting, incident response and 24x7 operational handoffs.
Familiarity with industry-standard security and compliance frameworks and experience developing playbooks, runbooks, procedures and technical documentation.
REQUIRED EDUCATION/CERTIFICATIONS:
BACHELOR'S DEGREE IN AN
INFORMATION TECHNOLOGY OR
INFORMATION SECURITY RELATED
FIELD
EIGHT YEARS OF RELEVANT WORK
EXPERIENCE MAY BE SUBSTITUTED IN LIEU OF EDUCATION
FIVE YEARS OF EXPERIENCE IN SUPPORTING LARGE IT ENVIRONMENTS AND/OR SYSTEM DEPLOYMENTS PREFERRED EDUCATION/CERTIFICATIONS:
CISSP, Security+ or GIAC certification
Palo Alto Cortex, Cribl or other relevant SIEM/security platform certification
Similar jobs
Information Systems Security Engineer / ISSE (HPC) with Security Clearance
American Systems Corporation · Arlington, United States
28 minutes ago$165k - $200k/yrCyber IT Specialist - 1st Shift Lead with Security Clearance
Peraton · Beltsville, United States
38 minutes ago$80k - $128k/yrJourneyman Cyber Security Engineer (Splunk/TS) - USSOCOM EDAT Ze with Security Clearance
Kentro · Tampa, United States
38 minutes agoJr Information System Security Engineer (ISSE) with Security Clearance
Peraton · Washington, United States
38 minutes ago$112k - $179k/yrInformation Security Engineer 3 - Contingent
PTR Global · Charlotte, United States
1 hour ago$55 - $60/hrJr Information System Security Engineer (ISSE) with Security Clearance
Peraton · Annapolis Junction, United States
1 hour ago$112k - $179k/yr