United States onlyDescription
About Dragonfli Group
Dragonfli Group is an elite cybersecurity and IT advisory firm specializing in security operations, architecture, governance, and technology implementation for enterprise and regulated industry clients. We are a certified small business with deep experience across federal, financial services, utilities, and professional services sectors.
Dragonfli seeks a Senior SIEM SME for an 8-week SIEM consolidation and architecture assessment engagement with an enterprise delivery project. The project's client operates a complex multi-vendor security monitoring environment and requires a defensible, data-driven vendor recommendation and implementation roadmap ahead of major contract renewal decisions.
Please note that this is a part-time contract position that runs over the course of 8 weeks. Average weekly hours will range between 10 - 40 over the course of the project.
Follow-On Potential
This engagement is Phase 1 of a larger program. Phase 2 is a full SIEM implementation — platform migration, log source onboarding, detection rule migration, and cutover. That work is significantly larger in scope and hours. Strong performers on this engagement will be first consideration for Phase 2 and for ongoing roles within Dragonfli's growing security operations practice.
Responsibilities:
- Lead all current state analysis: ingest volume baseline, use case library maturity audit, XDR/SIEM convergence analysis, data lake evaluation, DLP posture assessment, and retention gap analysis
- Populate and validate a proprietary multi-vendor SIEM scoring dashboard using actual client contract and usage data
- Build a 3-year total cost of ownership model across five vendor platforms
- Produce the following deliverables under the direction of the Engagement Lead: Current State Findings Summary, Vendor Recommendation Report, Target State Architecture Overview, SIEM Assessment Dashboard, Phase 2 Roadmap Framework
- Participate in and provide technical defense during two client-facing working sessions (90 min each, video call)
- Mentor a junior Cybersecurity Engineer Analyst on the team throughout the engagement
- Work directly alongside the Dragonfli Engagement Lead (CEO) on all client interactions
Requirements
Required:
- 7+ years of hands-on SIEM experience — architecture, deployment, and ongoing operations
- Deep platform expertise in at least two of: Splunk (Enterprise or Cloud), Microsoft Sentinel, Rapid7 InsightIDR
- Experience evaluating SIEM platforms in an enterprise environment — vendor scoring, cost modeling, architecture trade-off analysis
- Ability to produce client-ready written deliverables: findings summaries, recommendation reports, architecture overviews
- Comfortable presenting and defending technical analysis in front of a client security team
- Experience working independently on tight timelines with minimal oversight
- Ability to mentor and develop a junior team member
Preferred:
- Experience with SentinelOne Singularity or comparable XDR/data lake platforms
- Background in regulated industries: financial services, legal, healthcare, or federal government
- Familiarity with Cribl Stream or data routing/tiering architectures
- CISSP, GCTI, Splunk Certified Architect, or comparable certification
Skill(s)
Technical Skills
- SIEM architecture, deployment, and operations (7+ years)
- Splunk (Enterprise or Cloud)
- Microsoft Sentinel
- Rapid7 InsightIDR
- SentinelOne Singularity or comparable XDR/data lake platforms
- Cribl Stream or data routing/tiering architectures
- DLP (Data Loss Prevention) assessment
- XDR/SIEM convergence analysis
- Ingest volume baselining and log source analysis
- Use case library development and maturity assessment
- Retention gap analysis
- 3-year TCO (Total Cost of Ownership) modeling
- Multi-vendor SIEM scoring and evaluation frameworks
Analytical & Deliverable Skills
- Vendor scoring and cost modeling
- Architecture trade-off analysis
- Current state assessment and findings documentation
- Client-ready report writing (recommendation reports, architecture overviews, roadmap frameworks)
Soft Skills & Professional Competencies
- Client-facing presentation and technical defense
- Independent work on tight timelines with minimal oversight
- Mentorship and junior team member development
- Cross-functional collaboration
Certifications (Preferred)
- CISSP
- GCTI
- Splunk Certified Architect
- Comparable security architecture certification
