Location
Remote
Experience Level
Senior Level (5 or more years of experience)
Role Overview
This Security Architect and SIEM Engineer position serves within the cybersecurity division of a major public sector state agency. This role directly supports large-scale SIEM architecture and 24x7 Security Operations Center (SOC) operations. The primary focus lies on Palo Alto Cortex XSIAM and Cortex XDR platform engineering, administration, and automation, with secondary support for Cribl data modeling and security log pipeline design. Operating on a 12-month contract with a high possibility of extension, the engineer collaborates with enterprise security teams and analysts to implement, optimize, and secure multi-tenant cloud and endpoint environments across multiple state agencies. This role includes a monthly after-hours on-call rotation to support the 24x7 SOC.
Key Responsibilities
SIEM & XDR Platform Engineering
• Plan, design, deploy, administer, and optimize Palo Alto Cortex XSIAM and Cortex XDR platforms across a large-scale, multi-tenant environment.
• Lead multi-tenant agency onboarding, tenant-specific configurations, role-based access controls (RBAC), and logical data segregation.
• Design, configure, and maintain operational dashboards, alert telemetry, and compliance reporting tools for multiple agencies.
Detection Engineering & Automation
• Develop, test, and tune high-fidelity detections, correlation rules, threat-hunting queries, watchlists, and false-positive suppression logic.
• Create, test, deploy, and maintain automated response playbooks, workflows, and integrations using scripting languages (such as Python and Bash) to streamline incident enrichment, containment, and triage.
• Support Tier 1 through Tier 3 SOC analysts and incident responders through system troubleshooting, platform tuning, and knowledge transfers.
Log Management & Data Pipeline Optimization
• Plan, design, deploy, and support log management pipelines utilizing Cribl for data modeling, routing, parsing, normalization, and enrichment.
• Onboard and monitor the ingestion health of cloud, endpoint, network, identity, SaaS, Linux, Windows, and custom application telemetry sources.
• Optimize log ingestion volumes, retention policies, and platform performance to align with strict compliance requirements and cost-efficiency goals.
Governance, Documentation, & Compliance
• Author and maintain operational runbooks, Standard Operating Procedures (SOPs), escalation matrices, architecture diagrams, and analyst knowledge articles.
• Ensure high availability, platform resilience, automated backups, disaster recovery readiness, and controlled change management processes for SIEM and log services.
• Align implemented solutions with industry-standard security frameworks, regulatory guidelines, and organizational risk tolerance.
Required Qualifications
• 5 or more years of professional experience supporting large-scale enterprise IT environments and/or complex system deployments.
• Proven, hands-on experience in the design, implementation, administration, and operational support of Palo Alto Cortex XSIAM and Cortex XDR platforms.
• Demonstrated experience engineering and supporting enterprise SIEM capabilities within multi-tenant environments and 24x7 Security Operations Center (SOC) operations.
• Experience developing, testing, and tuning detections, correlation rules, analytics, threat-hunting queries, dashboards, and alert suppression logic.
• Strong experience creating and managing complex automated security playbooks and incident response workflows.
• Hands-on experience with Cribl data modeling, security log pipeline design, parsing, normalization, enrichment, routing, and data ingestion.
• Experience developing automated workflows, platform integrations, and scripts using Python and Bash.
• Experience onboarding and troubleshooting telemetry streams from cloud, endpoint, network, identity, SaaS, Linux, Windows, and custom application sources.
• Comprehensive understanding of enterprise security architecture, incident response protocols, networking, access control models, and secure system design.
• Bachelor's degree in an Information Technology or Information Security-related field (8 or more years of relevant work experience may be substituted in lieu of education).
• Ability to successfully pass a full credit check and criminal background check, with the requirement to obtain and retain annual CJIS certification once onboard.
Preferred Qualifications
• Hands-on experience administering and operating Palo Alto Cortex XSIAM and Cortex XDR in a very large, multi-tenant public sector environment.
• Advanced Cribl administration, data modeling, and log pipeline performance optimization experience.
• Experience supporting Tier 1 through Tier 3 SOC analyst handoffs, threat hunting, and 24x7 operational escalation processes.
• Familiarity with industry-standard security and compliance frameworks, and experience developing technical documentation (SOPs, runbooks, procedures).
• Professional industry certifications such as CISSP, Security+, GIAC, Palo Alto Cortex, or Cribl.
Core Skills & Attributes
• Advanced analytical, troubleshooting, and problem-solving skills to resolve complex pipeline and platform issues.
• Strong communication and collaboration skills to interact with agency stakeholders, security engineers, and external vendors.
• Highly organized with a structured approach to managing strategic planning, change control, and system documentation.
• Ability to work independently in a 100% remote capacity and participate effectively in a monthly after-hours on-call rotation.
This is a remote position.