What are the responsibilities and job description for the Security Information and Event Management Engineer position at V Group Inc.?
End Client: State of South Carolina - DOA
Job Title: SIEM Engineer
Location: Remote
Duration: 12 Months
Position Type: Contract
Hours Per Week: 40 Hr
Interview Mode: Webcam
Ceipal ID: SSC_SIEM751_MA
Requirement ID: 12751
Scope
This position will serve as a SIEM Engineer within the Department of Administration’s Division of Information Security. The successful candidate will have extensive experience designing, implementing, maintaining, and optimizing Palo Alto Cortex XSIAM and Cortex XDR in large-scale, multi-tenant security environments.
The contractor will work with a large enterprise security team and a 24x7 Security Operations Center (SOC), assisting full-time security architects, engineers, and analysts with the design, implementation, integration, and continuous improvement of SIEM, XDR, detection, and response capabilities supporting multiple state agencies.
Successful Candidate
The contractor will be primarily focused on Cortex XSIAM and Cortex XDR engineering, administration, detection content, automation, and operational support. Secondary responsibilities include support for Cribl data modeling, log pipeline design, parsing, normalization, enrichment, and ingestion.
The role requires hands-on experience supporting both security engineering and SOC operations, including:
- Multi-tenant onboarding
- Tenant-specific configurations
- Access controls and data separation
- Integrations, dashboards, and reporting
- Incident response, threat hunting, playbooks, runbooks, SOPs, and analyst enablement
The candidate must be able to support strategic planning, solution design, implementation, troubleshooting, performance optimization, and continuous improvement of secure systems and services.
Other Details
- 100% remote position.
- Monthly on-call rotation supporting the 24x7 SOC.
- After-hours maintenance, incident escalation support, and operational handoffs may be required.
Daily Duties / Responsibilities
- Assist in planning, design, deployment, administration, and operational support of enterprise SIEM and XDR capabilities, including:
- Palo Alto Cortex XSIAM and Cortex XDR engineering, configuration, optimization, and troubleshooting
- Multi-tenant agency onboarding, tenant-specific configuration, role-based access, data segregation, dashboards, and reporting
- Detection engineering, correlation rules, analytics, threat-hunting queries, watchlists, suppression logic, and false-positive reduction
- Support log management and security data pipelines, including:
- Cribl data modeling, log pipeline design, routing, parsing, normalization, enrichment, filtering, replay, and ingestion
- Onboarding and monitoring telemetry from cloud, endpoint, network, identity, SaaS, and custom applications
- Log volume, retention, performance, and cost optimization while maintaining compliance
- Integrations with ticketing, case management, notification, identity, threat intelligence, and other enterprise systems
- Develop, test, deploy, and maintain automated response workflows and playbooks.
- Create and maintain runbooks, SOPs, escalation matrices, troubleshooting guides, architecture diagrams, data-flow documentation, use-case catalogs, and analyst knowledge articles.
- Support Tier 1–3 SOC analysts and incident responders through troubleshooting, detection tuning, threat hunting, escalation, and knowledge transfer.
- Monitor and report on ingestion health, platform availability, alert volumes, detection coverage, false positives, SLAs, mean time to detect/respond, and tenant-specific metrics.
- Ensure high availability, resilience, backup, recovery, lifecycle management, and controlled change processes.
- Collaborate with architects, engineers, analysts, and stakeholders to align solutions with business goals, frameworks, and compliance requirements.
Required Skills (Ranked)
- Hands-on Palo Alto Cortex XSIAM and Cortex XDR design, implementation, administration, and support.
- SIEM engineering for multi-tenant environments and 24x7 SOC operations.
- Detection development and tuning (rules, analytics, threat-hunting queries, dashboards, reporting, suppression logic).
- Complex playbook creation and management.
- Cribl data modeling, log pipeline design, parsing, normalization, enrichment, routing, and ingestion.
- Automation, integrations, playbooks, and workflows using Python and Bash.
- Telemetry onboarding/troubleshooting from cloud, endpoint, network, identity, SaaS, Linux, Windows, and custom apps.
- Strong understanding of enterprise security architecture, incident response, networking, access control, secure system design, and cybersecurity frameworks.
Required Education / Certifications
- Bachelor’s degree in IT or Information Security (or equivalent).
- Eight years of relevant work experience may substitute for education.
- Five years of experience supporting large IT environments and/or system deployments.
Preferred Skills
- Hands-on experience operating Cortex XSIAM and Cortex XDR in large, multi-tenant environments.
- Cribl administration, data modeling, and log pipeline optimization.
- Experience supporting Tier 1–3 SOC analysts, threat hunting, incident response, and operational handoffs.
- Familiarity with security/compliance frameworks and experience developing playbooks, runbooks, procedures, and documentation.
_________________________________________________________________________________________________________
V Group Inc. is an IT Services company which supplies IT staffing, project management, and delivery services in software, network, help desk and all IT areas. Our primary focus is the public sector including state and federal contracts. We have multiple awards/ contracts with the following states: AR, CA, DE, FL, GA, IL, KY, MD, ME, MI, NC, NJ, NY, OH, OR, PA, SC, TX, VA, and WA. If you are considering applying for a position with V Group, or in partnering with us on a position, please feel free to contact me for any questions you may have regarding our services and the advantages we can offer you as a consultant.
Please share my contact information with others working in Information Technology.
Website: www.vgroupinc.com
LinkedIn: www.linkedin.com/company/v-group/
Facebook: www.facebook.com/VGroupIT
Twitter: www.twitter.com/vgroupinc