InterSources Inc is seeking a Security Architect – Consultant (SIEM Engineer) who will design, implement, administer, maintain, and optimize Palo Alto Cortex XSIAM and Cortex XDR solutions across large-scale, multi-tenant security environments. The consultant will collaborate with enterprise security architects and SOC analysts to enhance security operations and support various agency needs.
Responsibilities:
- Design, deploy, configure, administer, optimize, and troubleshoot Palo Alto Cortex XSIAM and Cortex XDR platforms
- Engineer and support enterprise SIEM and XDR capabilities within large-scale, multi-tenant security environments
- Support agency onboarding, tenant-specific configuration, role-based access control, data segregation, dashboards, and reporting
- Develop, test, tune, and maintain detections, correlation rules, analytics, threat-hunting queries, watchlists, and alert suppression logic
- Reduce false positives while improving detection coverage, accuracy, and operational effectiveness
- Create, manage, and optimize complex automated response workflows and security playbooks
- Develop automation and integrations using Python, Bash, APIs, and other scripting technologies
- Design and administer Cribl data models and security log pipelines
- Perform log parsing, normalization, enrichment, filtering, routing, replay, transformation, and ingestion
- Onboard and troubleshoot telemetry from cloud platforms, endpoints, networks, identity systems, SaaS applications, Linux, Windows, and custom applications
- Monitor ingestion health, platform availability, alert volumes, false positives, detection coverage, service levels, and tenant-specific operational metrics
- Optimize log volumes, retention, platform performance, and data-ingestion costs while maintaining security and compliance requirements
- Integrate SIEM and XDR platforms with ticketing, case-management, notification, identity, threat-intelligence, and enterprise systems
- Develop automated workflows for enrichment, triage, containment, escalation, notification, case management, and incident response
- Support Tier 1 through Tier 3 SOC analysts through platform troubleshooting, detection tuning, threat hunting, technical escalation, knowledge transfer, and shift handoffs
- Create and maintain runbooks, standard operating procedures, escalation matrices, troubleshooting guides, architecture diagrams, data-flow documentation, use-case catalogs, and analyst knowledge articles
- Ensure high availability, resiliency, backup, recovery, lifecycle management, and controlled change processes for SIEM, XDR, and supporting log pipeline services
- Collaborate with security architects, engineers, analysts, and agency stakeholders to align solutions with business requirements, regulatory standards, cybersecurity frameworks, and organizational risk tolerance
- Participate in a monthly on-call rotation supporting a 24x7 SOC and provide after-hours maintenance or incident support as required
Requirements:
- Bachelor's degree in Information Technology, Information Security, Cybersecurity, Computer Science, or a related field
- Eight or more years of relevant professional experience may be substituted in place of the degree requirement
- Five or more years of experience supporting large IT environments and/or enterprise system deployments
- Hands-on experience with Palo Alto Cortex XSIAM and Cortex XDR design, implementation, administration, configuration, optimization, troubleshooting, and operational support
- Experience engineering and supporting SIEM capabilities in large-scale, multi-tenant environments
- Experience supporting 24x7 Security Operations Center operations
- Experience developing and tuning detections, correlation rules, analytics, threat-hunting queries, dashboards, reporting, watchlists, and alert suppression logic
- Strong experience creating, maintaining, and managing complex security playbooks
- Hands-on experience with Cribl data modeling and security log pipeline design
- Experience with log parsing, normalization, enrichment, filtering, routing, replay, and ingestion
- Experience developing automation, integrations, response workflows, and playbooks using Python and Bash
- Experience onboarding, integrating, and troubleshooting telemetry from cloud, endpoint, network, identity, SaaS, Linux, Windows, and custom application sources
- Strong understanding of enterprise security architecture, incident response, networking, access control, secure system design, and cybersecurity frameworks
- Ability to support strategic planning, solution design, implementation, troubleshooting, performance optimization, and continuous security improvement
- Strong technical documentation, troubleshooting, communication, and cross-functional collaboration skills
- Hands-on experience operating Cortex XSIAM and Cortex XDR in a large, multi-tenant enterprise environment
- Hands-on Cribl administration, data modeling, pipeline development, and log pipeline optimization experience
- Experience supporting Tier 1, Tier 2, and Tier 3 SOC analysts
- Experience with threat hunting, incident response, operational escalation, and 24x7 shift handoffs
- Experience developing security playbooks, runbooks, procedures, escalation matrices, and technical documentation
- Familiarity with industry-standard security and compliance frameworks
- CISSP, CompTIA Security+, GIAC, or a comparable security certification
- Palo Alto Cortex, Cribl, SIEM, XDR, or another relevant security-platform certification
- Previous experience supporting government, regulated, or large enterprise security environments