Senior SIEM Architect/SME
Location: Remote (US)
Experience Level: Senior
Description
About Dragonfli Group
Dragonfli Group is an elite cybersecurity and IT advisory firm specializing in security operations, architecture, governance, and technology implementation for enterprise and regulated industry clients. We are a certified small business with deep experience across federal, financial services, utilities, and professional services sectors.
Dragonfli seeks a Senior SIEM SME for an 8-week SIEM consolidation and architecture assessment engagement with an enterprise delivery project. The project's client operates a complex multi-vendor security monitoring environment and requires a defensible, data-driven vendor recommendation and implementation roadmap ahead of major contract renewal decisions.
Follow-On Potential
This engagement is Phase 1 of a larger program. Phase 2 is a full SIEM implementation: platform migration, log source onboarding, detection rule migration, and cutover. That work is significantly larger in scope and hours. Strong performers on this engagement will be first consideration for Phase 2 and for ongoing roles within Dragonfli's growing security operations practice.
Responsibilities:
- Lead all current state analysis: ingest volume baseline, use case library maturity audit, XDR/SIEM convergence analysis, data lake evaluation, DLP posture assessment, and retention gap analysis
- Populate and validate a proprietary multi-vendor SIEM scoring dashboard using actual client contract and usage data
- Build a 3-year total cost of ownership model across five vendor platforms
- Produce the following deliverables under the direction of the Engagement Lead: Current State Findings Summary, Vendor Recommendation Report, Target State Architecture Overview, SIEM Assessment Dashboard, Phase 2 Roadmap Framework
- Participate in and provide technical defense during two client-facing working sessions (90 min each, video call)
- Mentor a junior Cybersecurity Engineer Analyst on the team throughout the engagement
- Work directly alongside the Dragonfli Engagement Lead (CEO) on all client interactions
Requirements
Required:
- 7+ years of hands-on SIEM experience: architecture, deployment, and ongoing operations
- Deep platform expertise in at least two of: Splunk (Enterprise or Cloud), Microsoft Sentinel, Rapid7 InsightIDR
- Experience evaluating SIEM platforms in an enterprise environment: vendor scoring, cost modeling, architecture trade-off analysis
- Ability to produce client-ready written deliverables: findings summaries, recommendation reports, architecture overviews
- Comfortable presenting and defending technical analysis in front of a client security team
- Experience working independently on tight timelines with minimal oversight
- Ability to mentor and develop a junior team member
Preferred:
- Experience with SentinelOne Singularity or comparable XDR/data lake platforms
- Background in regulated industries: financial services, legal, healthcare, or federal government
- Familiarity with Cribl Stream or data routing/tiering architectures
- CISSP, GCTI, Splunk Certified Architect, or comparable certification
Skill(s)
Technical Skills
- SIEM architecture, deployment, and operations (7+ years)
- Splunk (Enterprise or Cloud)
- Microsoft Sentinel
- Rapid7 InsightIDR
- SentinelOne Singularity or comparable XDR/data lake platforms
- Cribl Stream or data routing/tiering architectures
- DLP (Data Loss Prevention) assessment
- XDR/SIEM convergence analysis
- Ingest volume baselining and log source analysis
- Use case library development and maturity assessment
- Retention gap analysis
- 3-year TCO (Total Cost of Ownership) modeling
- Multi-vendor SIEM scoring and evaluation frameworks
Analytical & Deliverable Skills
- Vendor scoring and cost modeling
- Architecture trade-off analysis
- Current state assessment and findings documentation
- Client-ready report writing (recommendation reports, architecture overviews, roadmap frameworks)
Soft Skills & Professional Competencies
- Client-facing presentation and technical defense
- Independent work on tight timelines with minimal oversight
- Mentorship and junior team member development
- Cross-functional collaboration
Certifications (Preferred)
- CISSP
- GCTI
- Splunk Certified Architect
- Comparable security architecture certification
Benefits
Travel
