Client: State of SC
Posting ID: 10793
Posting title: IT - ADMIN - Security Architect - Consultant
Division: Division of Technology - Information Security (DIS)
Title: Security Architect – Consultant
Address: 1201 Main Street Suite 600, Columbia, SC - 29201
Projected Start Date: 05/25/2026
Projected End Date/Duration: 12 Months from projected start
Possibility for Extension: Yes
Work Location: Fully Remote
Interview Process: 1 round, Virtual/Online - potential for a 2nd round onsite as needed
Candidate Location: No SC residency required. Open to nationwide candidates.
Resource is local to Columbia, South Carolina or a surrounding city in South Carolina
The following are required for bid submission:
- Resume
- R2R
- Cover Letter
- Meets Work Location
Position Description
- The State of South Carolina is looking for a Security Architect - Consultant (Detection Engineer)
- Why is this position open: New position - supporting statewide security detection and response across South Carolina’s state agencies. (Division of Information Security)
Required Skills
- Education: Bachelor’s Degree in an Information Technology or Information Security related field; 8+ years of relevant work experience in security architecture may be substituted in lieu of education
- 5+ years of experience with scripting automation (Python, Bash, PowerShell, or similar)
- 5+ years of experience in supporting large IT environments and/or system deployments
- Experience with Sigma, Yara, and other industry standard detection languages
- Experience with MITRE ATT & CK Framework
Preferred Skills
- Certification: CISSP, CISA, CISO or equivalent advanced security certifications (CEH, OSCP. GPEN)
- Certification: Vendor certifications in detection engineering
- Experience with the Palo Alto Cortex XSIAM platform
- Deep understanding of Windows/Linux artifacts
Description
WHY IS THIS POSITION OPEN (new role, increased workload, new dept, resignation, promotion)?
- If backfill Position – What separated the candidate, you initially selected from all the other resumes presented? New role supporting statewide security detection and response across South Carolina’s state agencies.
SCOPE OF THE PROJECT:
- THE POSITION WILL WORK AS A CONSULTING DETECTION ENGINEER WITHIN THE DIVISION OF INFORMATION SECURITY. THIS ROLE WILL FOCUS ON CREATING, TUNING, AND MAINTAINING NEW AND EXISTING DETECTION RULES WITHIN THE STATE MONITORING ENVIRONMENT. ENGAGING DIRECTLY WITH STATE AGENCIES TO PROMOTE, SUPPORT, AND IMPROVE ADOPTION OF CENTRALIZED SECURITY SERVICES IS A KEY FOCUS. THE ENGAGEMENT IS EXPECTED TO BE NEEDED FOR 12 MONTHS WITH THE POSSIBILITY OF EXTENSION.
Daily Duties / Responsibilities:
- PREFERENCE WILL BE GIVEN TO A CANDIDATE WHO CAN WORK ONSITE OVER HYBRID AND OVER FULL-TIME REMOTE (ON-SITE AS NEEDED).
- Review and tune current detection rules within the State SIEM.
- Perform Gap analysis of the current detection coverage.
- Develop detection rules/solutions to cover found Gaps.
- monitor threat intelligence sources for new use cases.
- Work with State SOC analysts to create and tune rules.
- Work with the State Threat Hunter to identify and remediate detection coverage gaps.
- Document processes, runbooks, and troubleshooting steps related to the SOAR and integrations.
- Coordinate with engineering, SOC, and agency staff as needed to meet goals.
- Other duties as needed.
Additional skills and duties:
- Proven experience with detection tuning/development..
- Experience with dashboard creation and reporting.
- Excellent communication and customer service skills for agency-facing engagement.
- Experience in working in multi-tenancy environment
- Experience in multi-agency or enterprise service projects.
Preferred Skills (rank in order of Importance):
- Experience with the Palo Alto Cortex XSIAM platform.
- Deep understanding of Windows/Linux artifacts.
Preferred Education/Certifications:
- CISSP, CISA, CISO or equivalent advanced security certification.
- Additional relevant certifications (e.g., CEH, OSCP, GPEN).
- VENDOR CERTIFICATIONS IN DETECTION ENGINEERING.
- Resource is local to Columbia, South Carolina or a surrounding city in South Carolina
Required Education/Certifications:
- BACHELOR'S DEGREE IN AN INFORMATION TECHNOLOGY OR INFORMATION SECURITY RELATED FIELD
- EIGHT YEARS OF RELEVANT WORK EXPERIENCE MAY BE SUBSTITUTED IN LIEU OF EDUCATION
- FIVE YEARS OF EXPERIENCE IN SUPPORTING LARGE IT ENVIRONMENTS AND/OR SYSTEM DEPLOYMENTS
- 5+ years of Strong scripting and automation skills (Python, Bash, PowerShell, or similar).
- Understanding of Sigma, YARA, and other industry standard detection languages.
- Familiarity with MITRE ATT&CK framework
“Cleo Consulting is an equal opportunity employer (Minorities/Women/Veterans/Disabled)”
Never miss an opportunity! Create an alert based on the job you applied for.
