Security Architect (NDR, Observability)

Role: Security Architect (NDR, Observability)

Location: Minneapolis, MN / Hartford, CT

Duration: 12 Month Contract

Key Skills: AI,Gen AI, Copilot, Network Detection & Response (NDR), Monitoring and Observability, Python, API Integration, Corelight, Endace, Cpacket, Grafana, Prometheus, InfluxDB, Network Traffic, Packet Capture.

Job Description:
Senior consultant will support the operational health, visibility, and performance of the enterprise Network Detection & Response (NDR) environment, with a primary focus on the Corelight platform and surrounding telemetry pipelines. This role combines security operations expertise with the ability to build a modern monitoring and observability framework leveraging APIs, time series databases, automation, and data visualization tools.
The engineer will design and implement a comprehensive health monitoring architecture that ensures accurate, timely detection of platform degradation, enhanced visibility into sensor and pipeline performance, and operational insights that support Security Operations, Incident Response, and Network Engineering teams.

Required Qualifications
05 years in security operations, NDR, network engineering, or observability engineering.
Hands-on experience with Corelight, Endace, cpacket, Zeek, Suricata, or related NDR technologies.
Strong Python development skills, especially for API integrations and automation.
Experience with monitoring and visualization platforms (Grafana, Prometheus, InfluxDB, Telegraf).
Solid understanding of network traffic, packet capture, and troubleshooting.
Ability to create dashboards, alerts, and metrics pipelines for large-scale environments.
Experience supporting security operations teams or incident response workflows.

Required AI Skills:
Al resources are expected to demonstrate baseline proficiency in enterprise-approved AI tools as part of their day-to-day responsibilities. This includes, but is not limited to:
Consistent Use: Maintain a minimum of 90% weekly usage of AI tools such as GitHub Copilot, Microsoft 365 Copilot, and other GenAI platforms approved by the enterprise.
Applied Productivity: Leverage AI tools to enhance coding, documentation, data analysis, and decision-making workflows.
Continuous Learning: Stay current with evolving AI capabilities and features, and apply them to improve delivery quality and velocity.

Preferred Qualifications
Experience developing custom Prometheus exporters (Python/Go).
Prior exposure to Corelight APIs and Zeek script customization.
Familiarity with Docker, Kubernetes, or containerized exporters.
Experience with SIEM platforms and log ingestion pipelines.
Exposure to data engineering platforms (Kafka, Elasticsearch, Loki).
Knowledge of MITRE ATT&CK and NDR detection engineering.

This role is responsible for:
Operating and maintaining the NDR ecosystem.
Developing automated collection of health and performance metrics using Python and REST APIs.
Building a production ready observability stack using Grafana, Prometheus, InfluxDB, and Telegraf.
Ensuring platform reliability, data quality, and visibility through dashboards, alerts, and automation workflows.
Providing advanced troubleshooting support to ensure uninterrupted NDR coverage across the enterprise.
The individual will play a critical role in improving detection efficacy, reducing noise, optimizing sensor uptime, and delivering insights that enhance the organization's overall security posture.

About Us WinningEdge:

Job Search can be a painful & frustrating process. We take time to understand candidate skill sets, and job search preferences and match them with our ideal clients. Our team has a combined experience of over 100 years and we have successfully placed hundreds of candidates.