W3Global
Security Data Architect (SIEM Data Pipeline)
⭐ - Featured Role | Apply direct with Data Freelance Hub
This role is for a Security Data Architect (SIEM Data Pipeline) for a 12-month remote contract, offering a competitive pay rate. Key requirements include 10+ years in Cybersecurity, 5+ years with Cribl, and proficiency in JavaScript or Python. Cribl certification is desired.
🌎 - Country
United States
💱 - Currency
$ USD
-
💰 - Day rate
Unknown
-
🗓️ - Date
February 3, 2026
🕒 - Duration
More than 6 months
-
🏝️ - Location
Remote
-
📄 - Contract
Unknown
-
🔒 - Security
Unknown
-
📍 - Location detailed
Washington, United States
-
🧠 - Skills detailed
#Security #Storage #Documentation #Data Architecture #Snowflake #NiFi (Apache NiFi) #"ETL (Extract #Transform #Load)" #Compliance #Data Pipeline #Groovy #Scala #JavaScript #Data Lineage #Anomaly Detection #Metadata #Observability #Python #Monitoring #Strategy #Cybersecurity #Normalization #Scripting
Role description
Role: Security Data Architect (SIEM Data Pipeline)
Duration: 12 Months
Location: Remote
Overview
We are seeking a Security Data Architect with strong Cribl knowledge to drive the design and evolution of advanced security‑telemetry data ecosystems. In this role, you will define the end‑to‑end architecture and engineering strategy required to orchestrate, normalize, and transform large‑scale, highly diverse security data flows.
You will guide the modernization of ingestion patterns across 100+ legacy and emerging Cybersecurity data sources, ensuring resilient, secure, and high‑fidelity movement of telemetry between platforms. As a principal contributor to our SIEM modernization initiative, you will architect and oversee data pipelines built on Cribl, Vector, and other platforms.
Work Required
• Architect scalable, reusable security‑telemetry pipelines using Cribl, NiFi, Vector, and related platforms, ensuring consistent ingestion across 100+ diverse data sources.
• Develop platform‑agnostic ingestion frameworks and modular patterns supporting multiple protocols and destinations (syslog, HTTP, Event Hubs, Snowflake, ADX, etc.).
• Define multi‑year ingestion and transformation roadmaps, including modernization phases, platform standards, and scalable architectural guardrails.
• Set enterprise governance models for schema evolution, onboarding new data sources, transformation quality, and versioning.
• Drive platform consolidation and rationalization, identifying redundant ingestion patterns and unifying them into enterprise‑wide frameworks.
• Create reference architectures, reusable design patterns, and standardized pipeline blueprints adopted by all engineering teams.
• Provide technical mentorship to senior engineers, guiding architectural thinking and deep‑system design approaches.
• Influence cross‑organizational strategy, aligning ingestion and transformation capabilities with threat‑detection, compliance, SIEM modernization, and data‑analytics roadmaps.
• Evaluate emerging technologies, assessing fit, integration patterns, and long‑term viability for enterprise-scale telemetry processing.
• Lead adoption of OCSF‑based normalization, including field mapping, schema validation, and portable transformation templates.
• Implement advanced data transformation logic (filtering, enrichment, routing, format conversion) using Groovy, Python, or JavaScript while enforcing strict governance and security controls.
• Ensure complete data lineage and traceability across ingestion, transformation, and storage layers, including metadata tagging and audit‑ready tracking.
• Integrate pipeline‑level observability: health monitoring, error handling, transformation failure alerts, and anomaly detection.
• Validate high‑fidelity data delivery to analytics and SIEM platforms, minimizing data loss, duplication, and drift.
• Lead cross‑functional design sessions, technology evaluations, and architecture reviews for large‑scale security telemetry ecosystems.
• Maintain centralized documentation for ingestion patterns, schema definitions, transformations, and governance standards.
Experience Required
• 10+ Years of experience working in Cybersecurity
• 5+ Years of experience on CRIBL
• Cribl Certified Engineer (Architect desired)
• 5+ Years of experience on JavaScript, python, or other scripting language
Role: Security Data Architect (SIEM Data Pipeline)
Duration: 12 Months
Location: Remote
Overview
We are seeking a Security Data Architect with strong Cribl knowledge to drive the design and evolution of advanced security‑telemetry data ecosystems. In this role, you will define the end‑to‑end architecture and engineering strategy required to orchestrate, normalize, and transform large‑scale, highly diverse security data flows.
You will guide the modernization of ingestion patterns across 100+ legacy and emerging Cybersecurity data sources, ensuring resilient, secure, and high‑fidelity movement of telemetry between platforms. As a principal contributor to our SIEM modernization initiative, you will architect and oversee data pipelines built on Cribl, Vector, and other platforms.
Work Required
• Architect scalable, reusable security‑telemetry pipelines using Cribl, NiFi, Vector, and related platforms, ensuring consistent ingestion across 100+ diverse data sources.
• Develop platform‑agnostic ingestion frameworks and modular patterns supporting multiple protocols and destinations (syslog, HTTP, Event Hubs, Snowflake, ADX, etc.).
• Define multi‑year ingestion and transformation roadmaps, including modernization phases, platform standards, and scalable architectural guardrails.
• Set enterprise governance models for schema evolution, onboarding new data sources, transformation quality, and versioning.
• Drive platform consolidation and rationalization, identifying redundant ingestion patterns and unifying them into enterprise‑wide frameworks.
• Create reference architectures, reusable design patterns, and standardized pipeline blueprints adopted by all engineering teams.
• Provide technical mentorship to senior engineers, guiding architectural thinking and deep‑system design approaches.
• Influence cross‑organizational strategy, aligning ingestion and transformation capabilities with threat‑detection, compliance, SIEM modernization, and data‑analytics roadmaps.
• Evaluate emerging technologies, assessing fit, integration patterns, and long‑term viability for enterprise-scale telemetry processing.
• Lead adoption of OCSF‑based normalization, including field mapping, schema validation, and portable transformation templates.
• Implement advanced data transformation logic (filtering, enrichment, routing, format conversion) using Groovy, Python, or JavaScript while enforcing strict governance and security controls.
• Ensure complete data lineage and traceability across ingestion, transformation, and storage layers, including metadata tagging and audit‑ready tracking.
• Integrate pipeline‑level observability: health monitoring, error handling, transformation failure alerts, and anomaly detection.
• Validate high‑fidelity data delivery to analytics and SIEM platforms, minimizing data loss, duplication, and drift.
• Lead cross‑functional design sessions, technology evaluations, and architecture reviews for large‑scale security telemetry ecosystems.
• Maintain centralized documentation for ingestion patterns, schema definitions, transformations, and governance standards.
Experience Required
• 10+ Years of experience working in Cybersecurity
• 5+ Years of experience on CRIBL
• Cribl Certified Engineer (Architect desired)
• 5+ Years of experience on JavaScript, python, or other scripting language
