Kforce has a client that is seeking a Security Architect in Ramsey, NJ.
Overview:
This role is focused on reevaluating and architecting the SOC technology stack. The role is centered on initial build-out, architecture, and design from the ground up - not long-term maintenance.
Core Responsibilities & Scope:
- Evaluate and select a new SIEM platform
- Design how the SIEM integrates with:
  - EDR
  - SOAR
  - SDR solutions
- Ensure tools work together cohesively and support automation, particularly via SOAR, to:
  - Detect
  - Contain
  - Respond to incidents more efficiently
Ownership & Decision-Making Authority:
- This person will be primarily responsible for the project and acts as the ultimate advisor on SIEM/SOC architecture decisions
- There is already an architect per major domain area; this role complements existing leadership
- Transition into a long-term architect/engineer
- Potentially convert to full-time if successful
Project Phases:
Phase 1: Assessment & Recommendations:
- Evaluate current tools and architecture
- Test, validate, and compare alternative solutions
- Provide recommendations that meet defined criteria
Ideal Experience & Background:
- 8+ years in security engineering and/or architecture roles
- Proven experience migrating from one security tool to another (SIEM/SOAR/EDR)
- Experience working with or for an MSSP is a strong plus
- Strong background in security tool evaluation, implementation, and optimization
- Experience building or improving incident response or forensics processes/tools (big plus)
- Experience writing and managing Sigma rules (not required but highly desirable)
- Strong experience architecting and setting up a SIEM solution (hands-on build experience required)
- Deep familiarity with SIEM/SOC tooling ecosystems
- GIAC/GX certs
- CompTIA CASP+
- Security-focused professional certifications (Security+, etc.)
Experience with any of the following is highly relevant:
- Elastic/ELK
- Splunk
- IBM QRadar
- Google SecOps
Current Security Landscape:
Their existing stack consists of:
- SIEM: Google SecOps (currently considering replacements)
- EDR: They like their current EDR and are likely to keep it
- SOAR: Using Swimlane; also open to alternatives
Ideal Candidate Indicators:
Resume highlights such as:
- Built out an ELK stack for X company
- Architected or led a SIEM migration/buildout
- Bonus skill: Sigma Rules experience (less common, usually seen in mature MSSPs)
Current Tooling & Market Context:
- Elastic and SentinelOne are the two solutions that have stood out
- SentinelOne is currently used for EDR
- The SIEM product from SentinelOne is very new to the market, so:
  - Expect limited real-world experience in the candidate pool
  - Candidates may have experience across multiple SIEM platforms, which is expected and acceptable
  - Broad SIEM exposure is valued highly due to the evolving landscape
- Prior experience evaluating tooling, making architecture decisions, and leading implementation phases
- Experience migrating to or from a SIEM platform is a strong signal