InterSources Inc

Security Architect – Consultant (SIEM Engineer)

⭐ - Featured Role | Apply direct with Data Freelance Hub
This role is for a Security Architect – Consultant (SIEM Engineer) for a 12-month contract, paying "pay rate". It requires expertise in Palo Alto Cortex XSIAM/XDR, SIEM engineering, and automation using Python/Bash, with a strong background in large-scale security environments.
🌎 - Country
United States
💱 - Currency
$ USD
-
💰 - Day rate
Unknown
-
🗓️ - Date
July 16, 2026
🕒 - Duration
More than 6 months
-
🏝️ - Location
Remote
-
📄 - Contract
Unknown
-
🔒 - Security
Unknown
-
📍 - Location detailed
Columbia, SC
-
🧠 - Skills detailed
#Documentation #Cybersecurity #"ETL (Extract #Transform #Load)" #Python #SaaS (Software as a Service) #Deployment #Data Modeling #Compliance #Security #Bash #Scala #Scripting #Computer Science #Dataflow #Normalization #Linux #Alation #Automation #Cloud
Role description
Title: Security Architect – Consultant (SIEM Engineer) – (12751) Location: Columbia, SC 29210100% Remote Candidate Location: Open to nationwide candidates; South Carolina residency is not required (Preference will be given to local candidates who can come to the office as needed for client and departmental meetings, trainings, and other onsite activities.) Contract Duration: 12 Months Interview Process: 1–2 virtual interview rounds; candidates available for an in-person interview are preferred Position Overview: The selected consultant will design, implement, administer, maintain, and optimize Palo Alto Cortex XSIAM and Cortex XDR solutions across large-scale, multi-tenant security environments. The consultant will work closely with enterprise security architects, engineers, incident responders, and Tier 1 through Tier 3 SOC analysts supporting multiple state agencies. The primary focus of this role is Cortex XSIAM and Cortex XDR engineering, detection content, automation, administration, and operational support. The consultant will also provide secondary support for Cribl data modeling, security log pipeline engineering, parsing, normalization, enrichment, routing, and ingestion. This position is fully remote and participates in a monthly on-call rotation supporting a 24x7 Security Operations Center. After-hours maintenance, incident escalation support, and operational handoffs may be required. Key Responsibilities • Design, deploy, configure, administer, optimize, and troubleshoot Palo Alto Cortex XSIAM and Cortex XDR platforms. • Engineer and support enterprise SIEM and XDR capabilities within large-scale, multi-tenant security environments. • Support agency onboarding, tenant-specific configuration, role-based access control, data segregation, dashboards, and reporting. • Develop, test, tune, and maintain detections, correlation rules, analytics, threat-hunting queries, watchlists, and alert suppression logic. • Reduce false positives while improving detection coverage, accuracy, and operational effectiveness. • Create, manage, and optimize complex automated response workflows and security playbooks. • Develop automation and integrations using Python, Bash, APIs, and other scripting technologies. • Design and administer Cribl data models and security log pipelines. • Perform log parsing, normalization, enrichment, filtering, routing, replay, transformation, and ingestion. • Onboard and troubleshoot telemetry from cloud platforms, endpoints, networks, identity systems, SaaS applications, Linux, Windows, and custom applications. • Monitor ingestion health, platform availability, alert volumes, false positives, detection coverage, service levels, and tenant-specific operational metrics. • Optimize log volumes, retention, platform performance, and data-ingestion costs while maintaining security and compliance requirements. • Integrate SIEM and XDR platforms with ticketing, case-management, notification, identity, threat-intelligence, and enterprise systems. • Develop automated workflows for enrichment, triage, containment, escalation, notification, case management, and incident response. • Support Tier 1 through Tier 3 SOC analysts through platform troubleshooting, detection tuning, threat hunting, technical escalation, knowledge transfer, and shift handoffs. • Create and maintain runbooks, standard operating procedures, escalation matrices, troubleshooting guides, architecture diagrams, data-flow documentation, use-case catalogs, and analyst knowledge articles. • Ensure high availability, resiliency, backup, recovery, lifecycle management, and controlled change processes for SIEM, XDR, and supporting log pipeline services. • Collaborate with security architects, engineers, analysts, and agency stakeholders to align solutions with business requirements, regulatory standards, cybersecurity frameworks, and organizational risk tolerance. • Participate in a monthly on-call rotation supporting a 24x7 SOC and provide after-hours maintenance or incident support as required. Required Skills • Bachelor’s degree in Information Technology, Information Security, Cybersecurity, Computer Science, or a related field. • Eight or more years of relevant professional experience may be substituted in place of the degree requirement. • Five or more years of experience supporting large IT environments and/or enterprise system deployments. • Hands-on experience with Palo Alto Cortex XSIAM and Cortex XDR design, implementation, administration, configuration, optimization, troubleshooting, and operational support. • Experience engineering and supporting SIEM capabilities in large-scale, multi-tenant environments. • Experience supporting 24x7 Security Operations Center operations. • Experience developing and tuning detections, correlation rules, analytics, threat-hunting queries, dashboards, reporting, watchlists, and alert suppression logic. • Strong experience creating, maintaining, and managing complex security playbooks. • Hands-on experience with Cribl data modeling and security log pipeline design. • Experience with log parsing, normalization, enrichment, filtering, routing, replay, and ingestion. • Experience developing automation, integrations, response workflows, and playbooks using Python and Bash. • Experience onboarding, integrating, and troubleshooting telemetry from cloud, endpoint, network, identity, SaaS, Linux, Windows, and custom application sources. • Strong understanding of enterprise security architecture, incident response, networking, access control, secure system design, and cybersecurity frameworks. • Ability to support strategic planning, solution design, implementation, troubleshooting, performance optimization, and continuous security improvement. • Strong technical documentation, troubleshooting, communication, and cross-functional collaboration skills. Preferred Skills • Hands-on experience operating Cortex XSIAM and Cortex XDR in a large, multi-tenant enterprise environment. • Hands-on Cribl administration, data modeling, pipeline development, and log pipeline optimization experience. • Experience supporting Tier 1, Tier 2, and Tier 3 SOC analysts. • Experience with threat hunting, incident response, operational escalation, and 24x7 shift handoffs. • Experience developing security playbooks, runbooks, procedures, escalation matrices, and technical documentation. • Familiarity with industry-standard security and compliance frameworks. • CISSP, CompTIA Security+, GIAC, or a comparable security certification. • Palo Alto Cortex, Cribl, SIEM, XDR, or another relevant security-platform certification. • Previous experience supporting government, regulated, or large enterprise security environments.