Title: Security Architect - Consultant (SIEM Engineer)
Duration: 12 Months
Remote
Why is this position open: New Position to assist the Division of Information Security (DIS).
Interview Process: 1-2 Rounds of Virtual Interviews. In person availability for interviews preferred.
Work Location: Role is 100% Remote. Preference will be given to local candidates who can come to the office as needed for client and departmental meetings, trainings, and other onsite activities.
Candidate location: No South Carolina residency required. Open to nationwide candidates. All travel-related costs for onsite work will be the responsibility of the resource no matter the frequency of onsite work.
Required Skills
- Bachelor's Degree in an Information Technology or Information Security related field (8+ years of relevant work experience may be substituted in lieu of education)
- 5+ years of experience support large IT environments and/or system deployments
- Hands-on experience with Palo Alto Cortex, XSIAM, and Cortex XDR design, implementation, administration and operational support.
- Experience engineering and supporting SIEM capabilities for multi-tenant environments and 24x7 Security Operations Center operations.
- Experience developing and tuning detections, correlation rules, analytics, threat-hunting queries, dashboards, reporting and alert suppression logic.
- Experience creating and managing complex playbooks
- CRIBL Data Modeling, log pipeline design, parsing, normalization, enrichment, routing and ingestion.
- Experience developing automation, integrations, playbooks and response workflows using scripting languages such as Python and Bash.
- Experience onboarding and troubleshooting telemetry from cloud, endpoint, network, identity, SaaS, Linux, Windows and custom application sources.
- Strong understanding of enterprise security architecture, incident response, networking, access control, secure system design and industry-standard cybersecurity frameworks.
Preferred Skills
- CISSP, Security+ or GIAC certification
- Palo Alto Cortex, Cribl or other relevant SIEM/security platform certification
- Hands-on experience operating Cortex XSIAM and Cortex XDR in a large, multi-tenant environment.
- Hands-on Cribl administration, data modeling and log pipeline optimization experience.
- Experience supporting Tier 1 through Tier 3 SOC analysts, threat hunting, incident response and 24x7 operational handoffs.
- Familiarity with industry-standard security and compliance frameworks and experience developing playbooks, runbooks, procedures and technical documentation.