15+ Years Security Architect (SIEM & Threat Detection) | Remote

Role- Security Architect (SIEM & Threat Detection)

Location: Columbia, South Carolina (Remote)

Employment Type: Full-Time

Job Overview

We are seeking a highly skilled Detection Engineer to join a statewide cybersecurity operations team responsible for enhancing threat detection capabilities across a large enterprise environment. This role is ideal for a hands-on security professional with deep experience in SIEM engineering, detection development, threat intelligence, and security automation.

The successful candidate will review and optimize existing detection content, identify coverage gaps, develop advanced detection logic, and work closely with SOC analysts, threat hunters, and engineering teams to strengthen the organization''s security posture.

Key Responsibilities

Review, tune, and optimize existing SIEM detection rules to improve alert quality and reduce false positives.

Perform detection coverage assessments and identify security monitoring gaps.

Design, develop, and implement new detection use cases based on emerging threats and attack techniques.

Monitor threat intelligence sources and translate intelligence into actionable detections.

Collaborate with SOC analysts and threat hunters to improve detection effectiveness.

Develop dashboards, reporting solutions, and security monitoring metrics.

Support SOAR workflows, integrations, and automation initiatives.

Document detection engineering processes, runbooks, and troubleshooting procedures.

Work closely with security, infrastructure, and agency stakeholders to support enterprise security objectives.

Required Qualifications

Bachelor''s degree in Information Technology, Cybersecurity, Computer Science, or a related field (or equivalent experience).

5+ years of experience in Detection Engineering, SIEM Engineering, Security Operations, or Threat Detection.

Strong experience developing and tuning SIEM detection rules and analytics.

Hands-on experience with scripting and automation using Python, PowerShell, Bash, or similar technologies.

Strong understanding of Sigma, YARA, IOC-based detections, and threat intelligence integration.

Working knowledge of the MITRE ATT&CK framework and adversary tactics, techniques, and procedures (TTPs).

Experience supporting large enterprise environments and security monitoring operations.

Excellent communication and stakeholder management skills.

Preferred Qualifications

Experience with Palo Alto Cortex XSIAM.

Strong understanding of Windows and Linux security artifacts.

Experience working within multi-tenant or large-scale enterprise environments.

Experience supporting government, public sector, or multi-agency security operations.

Knowledge of SOAR platforms and security automation frameworks.

Industry certifications such as CISSP, CISA, CEH, OSCP, or GPEN.