Design, implement, and optimize Palo Alto Cortex XSIAM and XDR platforms for a multi-tenant SOC serving state agencies. Develop detection rules, automation playbooks, and incident response processes using Python and Bash. Support Tier 1-3 SOC analysts and maintain enterprise security architecture documentation.
Key Highlights
Key Responsibilities
Technical Skills Required
Benefits & Perks
Nice to Have
Job Description
Position: Security Architect – Consultant (SIEM Engineer)
Employment Type: Contract (W2)
Duration: 12 Months (High possibility of extension)
Location: 100% Remote (Preference for local South Carolina candidates who can attend occasional onsite meetings. Nationwide candidates are welcome.)
Interview Process: 1–2 Virtual Interview Rounds
Job Summary
The Client is seeking an experienced SIEM Engineer to support the Division of Information Security (DIS). This is a newly created engineering role focused on designing, implementing, optimizing, and supporting Palo Alto Cortex XSIAM, Cortex XDR, and Cribl within a large-scale, multi-tenant Security Operations Center (SOC) environment serving multiple state agencies.
Key Responsibilities
- Design, implement, administer, and optimize Palo Alto Cortex XSIAM and Cortex XDR platforms.
- Engineer and support enterprise SIEM capabilities for multi-tenant environments.
- Develop and tune detection rules, correlation logic, threat-hunting queries, dashboards, and alert suppression.
- Build and maintain automation workflows, playbooks, and incident response processes using Python and Bash.
- Configure and optimize Cribl log pipelines, data modeling, parsing, normalization, enrichment, routing, and ingestion.
- Integrate cloud, endpoint, network, identity, SaaS, Linux, Windows, and custom application telemetry.
- Support Tier 1–Tier 3 SOC analysts through troubleshooting, threat hunting, and operational guidance.
- Create runbooks, SOPs, architecture documentation, and technical knowledge articles.
- Participate in a monthly on-call rotation supporting a 24x7 Security Operations Center.
Interested in remote work opportunities in Cyber Security? Discover Cyber Security Remote Jobs featuring exclusive positions from top companies that offer flexible work arrangements.
Required Skills
- Bachelor's degree in Information Technology, Information Security, or a related field (8+ years of relevant experience may substitute for education).
- 5+ years supporting large enterprise IT environments or system deployments.
- Hands-on experience with Palo Alto Cortex XSIAM and Cortex XDR.
- Strong experience supporting SIEM platforms in multi-tenant enterprise environments.
- Experience with detection engineering, correlation rules, analytics, dashboards, and threat hunting.
- Strong experience creating and managing complex automation playbooks.
- Hands-on experience with Cribl data modeling, log pipelines, parsing, normalization, enrichment, and ingestion.
- Experience using Python and Bash for automation and integrations.
- Experience onboarding telemetry from cloud, endpoint, network, identity, SaaS, Linux, Windows, and custom applications.
- Strong understanding of enterprise security architecture, incident response, networking, access control, and cybersecurity frameworks.
Browse our curated collection of remote jobs across all categories and industries, featuring positions from top companies worldwide.
Preferred Qualifications
- CISSP, Security+, or GIAC certification.
- Palo Alto Cortex, Cribl, or other SIEM/security platform certifications.
- Experience supporting Tier 1–Tier 3 SOC operations.
- Experience with security documentation, playbooks, and operational procedures.
Similar Jobs
Explore other opportunities that match your interests