Remote - Security Architect

Security Architect

Location:

Remote

Duration of the

Contract:

12 months

Possibility for Extension:
Yes

Daily

Duties / Responsibilities:

• Proven experience with detection tuning/development.
• Experience with dashboard creation and reporting.

Additional Skills and Duties:

• Review and tune current detection rules within the State SIEM.
• Perform gap analysis of the current detection coverage.
• Develop detection rules/solutions to cover found gaps.
• Monitor threat intelligence sources for new use cases.
• Work with State SOC analysts to create and tune rules.
• Work with the State Threat Hunter to identify and remediate detection coverage gaps.
• Document processes, runbooks, and troubleshooting steps related to the SOAR and integrations.
• Coordinate with engineering, SOC, and agency staff as needed to meet goals.
• Other duties as needed.

Preferred Skills (Ranked by Importance):

• Experience with the Palo Alto Cortex XSIAM platform.
• Deep understanding of Windows/Linux artifacts.
• Excellent communication and customer service skills for agency-facing engagement.
• Experience working in a multi-tenancy environment.
• Experience in multi-agency or enterprise service projects.

Required

Education / Certifications:

• Bachelor's Degree in an Information Technology or Information Security related field.
• Eight years of relevant work experience may be substituted in lieu of education.
• Five years of experience supporting large IT environments and/or system deployments.
• 5+ years of strong scripting and automation skills (Python, Bash, Power Shell, or similar).
• Understanding of Sigma, YARA, and other industry-standard detection languages.
• Familiarity with MITRE ATT&CK framework.

Preferred

Education / Certifications:

• CISSP, CISA, CISO, or equivalent advanced security certification.
• Additional relevant certifications (e.g., CEH, OSCP, GPEN).
• Vendor certifications in Detection Engineering.

Preference will be given to a candidate who can work onsite over hybrid and over full-time remote (on-site as needed).