Lead all current state analysis: ingest volume baseline, use case library maturity audit, XDR/SIEM convergence analysis, data lake evaluation, DLP posture assessment, and retention gap analysis
Populate and validate a proprietary multi-vendor SIEM scoring dashboard using actual client contract and usage data
Build a 3-year total cost of ownership model across five vendor platforms
Produce the following deliverables under the direction of the Engagement Lead: Current State Findings Summary, Vendor Recommendation Report, Target State Architecture Overview, SIEM Assessment Dashboard, Phase 2 Roadmap Framework
Participate in and provide technical defense during two client-facing working sessions (90 min each, video call)
Mentor a junior Cybersecurity Engineer Analyst on the team throughout the engagement
Work directly alongside the Dragonfli Engagement Lead (CEO) on all client interactions
Requirements
7+ years of hands-on SIEM experience — architecture, deployment, and ongoing operations
Deep platform expertise in at least two of: Splunk (Enterprise or Cloud), Microsoft Sentinel, Rapid7 InsightIDR
Experience evaluating SIEM platforms in an enterprise environment — vendor scoring, cost modeling, architecture trade-off analysis
Ability to produce client-ready written deliverables: findings summaries, recommendation reports, architecture overviews
Comfortable presenting and defending technical analysis in front of a client security team
Experience working independently on tight timelines with minimal oversight
Ability to mentor and develop a junior team member
Preferred
Experience with SentinelOne Singularity or comparable XDR/data lake platforms
Background in regulated industries: financial services, legal, healthcare, or federal government
Familiarity with Cribl Stream or data routing/tiering architectures
CISSP, GCTI, Splunk Certified Architect, or comparable certification