Cybersecurity Architect SIEM Monitoring

SIEM Monitoring Cybersecurity Architect

The SIEM Monitoring Cybersecurity Architect plays a critical role in the day-to-day implementation, maintenance, and support of cybersecurity visibility and monitoring within the enterprise. This role manages, maintains, and improves the monitoring and visibility tools and integrations to support the implementation of a zero-trust infrastructure.

This position is responsible for implementing, configuring, and improving overseeing integrations and automation to support cybersecurity visibility efforts. These efforts will have a focus on reducing detection delays, reducing false positives, and improving the integration of new and existing tools to provide effective detection of activities in the enterprise to enable comprehensive visibility while adhering to best practices and industry standards.

This role will be responsible for collaborating closely with other departments to provide engineering support for new and existing tools related to monitoring functions and integrations. Additionally, this position also supports the Cybersecurity department through security research and development, product evaluations, consulting, project support, and other tasks as needed. The Cybersecurity Architect provides technical expertise to implement security related standards, procedures, and guidelines appropriate to securing the existing environment in partnership with other departments and Information Technology.

Key Functions:

Operational Planning & Management:

• Support all activities performed by the cybersecurity team associated with the deployment and maintenance of all cybersecurity systems related to monitoring and visibility
• Participate in the development of the annual strategy and capacity planning activities
• Manage projects with IT and property teams and for projects internal to cybersecurity
• Assist with general administrative activities in collaboration with all team members
• Prepare status reports and other metrics as needed

Visibility Integrations:

• Implement and manage integrations across the cybersecurity suite of solutions to establish or enhance visibility and secure access across multiple applications and systems.
• Design and implement ingestion of logs from endpoints, servers, network devices, applications, cloud platforms (AWS, Azure, GCP), and SaaS services.
• Ensure parsing, normalization, and enrichment of log data for effective correlation and analysis.
• Integrate detection and response solutions providing real-time visibility into user and device behavior.
• Implement native integrations with cloud services (CloudTrail, Azure Monitor, GCP Audit Logs, etc.).
• Configure APIs and collectors for hybrid environments to ensure full telemetry coverage.
• Integrate IAM sources such as Active Directory, LDAP, Azure AD, and SSO providers (Okta, Ping).
• Correlate authentication events for anomaly detection and behavior baselining.
• Enable contextual enrichment of logs with IOCs (IPs, domains, file hashes, etc.).
• Capture telemetry and logs from custom and third-party applications
• Collaborate with application and system owners to integrate monitoring solutions into existing and new services.
• Create and maintain comprehensive documentation, including configuration settings, procedures, and user guides.
• Provide support to end-users for monitoring problems.
• Manage and prioritize opportunities to enhance and make available new functionality.

Required:

• Bachelor's degree in Computer Science, Business Management, MIS, Information Technology, or similar related cyber disciplines; or equivalent work experience
• At least a minimum of five (7) years of related business experience
• Superior communications skills, both verbal and written
• Direct experience managing multi-faceted integration projects
• Requires knowledge of underlying platform(s); prior experience working with interdependent platforms; working knowledge of standards and impact of non-standard approaches
• Technical knowledge of business processes and procedures and systems to support it
• Ability to maximize system to support business processes, recommend and influence business process change to maximize use of system
• Strong problem-solving and analytical abilities

Preferred:

• Certified training in Security Management, Risk and Compliance Solutions and Practices. CISSP, GSEC, CRISC, or related certification(s)
• Programming and scripting skills for automation and customization.
• Experience with cloud-based monitoring solutions.