Certified Woman & Minority Owned

Apply for this job

Security Architect / SIEM Engineer

100% Remote (Within US) 12 Months
Full-Time $17-$22/hr






Accepted: .doc, .docx, .pdf, - max 20MB
Posted: Jul 15, 2026
Ref: BTSCSA540

Position Overview


This position is 100% remote and will participate in a monthly on-call rotation supporting a 24x7 Security Operations Center serving multiple state agencies.

Description:

The client is looking for a Security Architect - Consultant (SIEM Engineer)

Scope:
This position will serve as a SIEM Engineer within the client. The successful candidate will show extensive experience successfully designing, implementing, maintaining and optimizing Palo Alto Cortex XSIAM and Cortex XDR in large-scale, multi-tenant security environments. This contractor will work with a large enterprise security team and a 24x7 Security Operations Center (SOC), assisting full-time security architects, engineers and analysts with the design, implementation, integration and continuous improvement of SIEM, XDR, detection and response capabilities supporting multiple state agencies.

Successful Candidate:
This contractor will be primarily focused on Cortex XSIAM and Cortex XDR engineering, administration, detection content, automation and operational support while also providing important secondary support for Cribl data modeling, log pipeline design, parsing, normalization, enrichment and ingestion. The role requires hands-on experience supporting both security engineering and SOC operations, including multi-tenant onboarding, tenant-specific configurations, access controls, data separation, integrations, dashboards, reporting, incident response, threat hunting, playbooks, runbooks, standard operating procedures and analyst enablement. The candidate must be able to support strategic planning, solution design, implementation, troubleshooting, performance optimization and continuous improvement of secure systems and services.


Daily Duties / Responsibilities
Primarily assist in the planning, design, deployment, administration and operational support of enterprise SIEM and XDR capabilities, including:
Palo Alto Cortex XSIAM and Cortex XDR platform engineering, configuration, optimization and troubleshooting.
Multi-tenant agency onboarding, tenant-specific configuration, role-based access, data segregation, dashboards and reporting.
Detection engineering, correlation rules, analytics, threat-hunting queries, watchlists, suppression logic and false-positive reduction.
Secondarily assist in the planning, design, deployment and operational support of log management and security data pipelines, including:
Cribl data modeling, log pipeline design, routing, parsing, normalization, enrichment, filtering, replay and ingestion.
Onboarding and health monitoring of cloud, endpoint, network, identity, SaaS and custom application telemetry.
Log volume, retention, performance and cost optimization while maintaining security and compliance requirements.
Integrations with ticketing, case management, notification, identity, threat intelligence and other enterprise systems as needed.
Develop, test, deploy and maintain automated response workflows and playbooks for enrichment, triage, containment, escalation, notifications, case management and incident response.
Create and maintain operational runbooks, standard operating procedures, escalation matrices, troubleshooting guides, architecture diagrams, data-flow documentation, use-case catalogs and analyst knowledge articles.
Support Tier 1 through Tier 3 SOC analysts and incident responders through platform troubleshooting, detection tuning, threat hunting, technical escalation, knowledge transfer and shift handoffs.
Monitor and report on ingestion health, platform availability, alert volumes, detection coverage, false positives, service levels, mean time to detect, mean time to respond and tenant-specific operational metrics.
Ensure high availability, resilience, backup, recovery, lifecycle management and controlled change processes for SIEM, XDR and supporting log pipeline services.
Collaborate with security architects, engineers, analysts and agency stakeholders to align solutions with business goals, industry-standard frameworks, regulatory requirements and organizational risk tolerance.

Required Skills (Rank in Order of Importance)
Hands-on Palo Alto Cortex XSIAM and Cortex XDR design, implementation, administration and operational support.
Experience engineering and supporting SIEM capabilities for multi-tenant environments and 24x7 Security Operations Center operations.
Experience developing and tuning detections, correlation rules, analytics, threat-hunting queries, dashboards, reporting and alert suppression logic.
Strong experience creating and managing complex playbooks.
Cribl data modeling, log pipeline design, parsing, normalization, enrichment, routing and ingestion.
Experience developing automation, integrations, playbooks and response workflows using scripting languages such as Python and Bash.
Experience onboarding and troubleshooting telemetry from cloud, endpoint, network, identity, SaaS, Linux, Windows and custom application sources.
Strong understanding of enterprise security architecture, incident response, networking, access control, secure system design and industry-standard cybersecurity frameworks.

Preferred Skills (Rank in Order of Importance)
Hands-on experience operating Cortex XSIAM and Cortex XDR in a large, multi-tenant environment.
Hands-on Cribl administration, data modeling and log pipeline optimization experience.
Experience supporting Tier 1 through Tier 3 SOC analysts, threat hunting, incident response and 24x7 operational handoffs.
Familiarity with industry-standard security and compliance frameworks and experience developing playbooks, runbooks, procedures and technical documentation.

Required Education/Certifications
Bachelor's degree in an Information Technology or Information Security related field.
Eight years of relevant work experience may be substituted in lieu of education.
Five years of experience in supporting large IT environments and/or system deployments.

Preferred Education/Certifications
CISSP, Security+ or GIAC certification.
Palo Alto Cortex, Cribl or other relevant SIEM/security platform certification.


Notes:
Role is 100% Remote. Preference will be given to local candidates who can come to the office as needed for client and departmental meetings, trainings, and other onsite activities.
Other:

After-hours maintenance, incident escalation support and operational handoffs may be required as needed. .

This position is 100% remote and will participate in a monthly on-call rotation supporting a 24x7 Security Operations Center serving multiple state agencies. Other after-hours work may be required as needed


VIVA is an equal opportunity employer. All qualified applicants have an equal opportunity for placement, and all employees have an equal opportunity to develop on the job. This means that VIVA will not discriminate against any employee or qualified applicant on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status

Trusted by 100+ Fortune 500 Companies

Competitive Benefits


Your well-being Matters

Health & Future Fully Covered

At VIVA, employee well-being is paramount. Our comprehensive benefits package ensures your health, financial security, and quality of life are always prioritized.

Health Insurance

VIVA provides employees access to a comprehensive group health insurance plan (Medical, Dental, Vision, Basic Life, Term Life, and Accidental Death) through our flexible PPO plan-allowing you the freedom to choose healthcare providers.

401(k) Retirement Planning

Plan securely for your future with automatic payroll deductions into a tax-advantaged 401(k) retirement plan, including employer-matching contributions for eligible employees.

Performance Bonuses & Referrals

Earn performance-based bonuses and generous referral incentives of up to $500 when recommending talented candidates who become part of the VIVA family.

Biweekly Direct Deposit

Enjoy timely and convenient payroll with biweekly direct deposit to your chosen financial institution. Biweekly Direct Deposit

VIVA Perks Program

Access exclusive employee discounts and savings on electronics, travel, groceries, apparel, and more through our dedicated VIVA Perks Program.

Join VIVA and Grow
VIVA is faster, easier and you still have complete control

Security Architect / SIEM Engineer


Reference Number: BTSCSA540
Empty
Click + to add content