Key Facts

Remote From:

District of Columbia (USA) , Washington (USA)

Full time

Senior (5-10 years)

English

Hard Skills

Splunk Enterprise Security Azure Security Software Security Architecture Analysis Engineering Documentation Security Operations (SecOps) Transition Planning Risk Governance Cost Estimation Models Information Technology & Computing Services Customer Retention Data Lakes Data Loss Prevention Cross-Functional Collaboration

Other Skills

•
Mentorship
•
Analytical Thinking
•
Communication

Roles & Responsibilities

7+ years of hands-on SIEM experience — architecture, deployment, and ongoing operations.
Deep platform expertise in at least two of Splunk (Enterprise or Cloud), Microsoft Sentinel, and Rapid7 InsightIDR.
Experience evaluating SIEM platforms in an enterprise environment — vendor scoring, cost modeling, and architecture trade-off analysis.
Ability to produce client-ready written deliverables and defend technical analysis in client-facing sessions; capable of mentoring junior team members and working with minimal oversight.

Requirements:

Lead all current state analyses (ingest volume baseline, use case library maturity audit, XDR/SIEM convergence analysis, data lake evaluation, DLP posture assessment, and retention gap analysis).
Develop and validate a proprietary multi-vendor SIEM scoring dashboard using client contract and usage data, and build a 3-year total cost of ownership model across five vendor platforms.
Produce client-facing deliverables under the direction of the Engagement Lead, including Current State Findings Summary, Vendor Recommendation Report, Target State Architecture Overview, SIEM Assessment Dashboard, and Phase 2 Roadmap Framework.
Present and defend technical analyses in two client-facing sessions (90 minutes each) and mentor a junior Cybersecurity Engineer Analyst throughout the engagement.

Job description

Description

About Dragonfli Group

Dragonfli Group is an elite cybersecurity and IT advisory firm specializing in security operations, architecture, governance, and technology implementation for enterprise and regulated industry clients. We are a certified small business with deep experience across federal, financial services, utilities, and professional services sectors.

Dragonfli seeks a Senior SIEM SME for an 8-week SIEM consolidation and architecture assessment engagement with an enterprise delivery project. The project's client operates a complex multi-vendor security monitoring environment and requires a defensible, data-driven vendor recommendation and implementation roadmap ahead of major contract renewal decisions.

Follow-On Potential

This engagement is Phase 1 of a larger program. Phase 2 is a full SIEM implementation — platform migration, log source onboarding, detection rule migration, and cutover. That work is significantly larger in scope and hours. Strong performers on this engagement will be first consideration for Phase 2 and for ongoing roles within Dragonfli's growing security operations practice.

Responsibilities:

Lead all current state analysis: ingest volume baseline, use case library maturity audit, XDR/SIEM convergence analysis, data lake evaluation, DLP posture assessment, and retention gap analysis
Populate and validate a proprietary multi-vendor SIEM scoring dashboard using actual client contract and usage data
Build a 3-year total cost of ownership model across five vendor platforms
Produce the following deliverables under the direction of the Engagement Lead: Current State Findings Summary, Vendor Recommendation Report, Target State Architecture Overview, SIEM Assessment Dashboard, Phase 2 Roadmap Framework
Participate in and provide technical defense during two client-facing working sessions (90 min each, video call)
Mentor a junior Cybersecurity Engineer Analyst on the team throughout the engagement
Work directly alongside the Dragonfli Engagement Lead (CEO) on all client interactions

Requirements

Required:

7+ years of hands-on SIEM experience — architecture, deployment, and ongoing operations
Deep platform expertise in at least two of: Splunk (Enterprise or Cloud), Microsoft Sentinel, Rapid7 InsightIDR
Experience evaluating SIEM platforms in an enterprise environment — vendor scoring, cost modeling, architecture trade-off analysis
Ability to produce client-ready written deliverables: findings summaries, recommendation reports, architecture overviews
Comfortable presenting and defending technical analysis in front of a client security team
Experience working independently on tight timelines with minimal oversight
Ability to mentor and develop a junior team member

Preferred:

Experience with SentinelOne Singularity or comparable XDR/data lake platforms
Background in regulated industries: financial services, legal, healthcare, or federal government
Familiarity with Cribl Stream or data routing/tiering architectures
CISSP, GCTI, Splunk Certified Architect, or comparable certification

Skill(s)

Technical Skills

SIEM architecture, deployment, and operations (7+ years)
Splunk (Enterprise or Cloud)
Microsoft Sentinel
Rapid7 InsightIDR
SentinelOne Singularity or comparable XDR/data lake platforms
Cribl Stream or data routing/tiering architectures
DLP (Data Loss Prevention) assessment
XDR/SIEM convergence analysis
Ingest volume baselining and log source analysis
Use case library development and maturity assessment
Retention gap analysis
3-year TCO (Total Cost of Ownership) modeling
Multi-vendor SIEM scoring and evaluation frameworks

Analytical & Deliverable Skills

Vendor scoring and cost modeling
Architecture trade-off analysis
Current state assessment and findings documentation
Client-ready report writing (recommendation reports, architecture overviews, roadmap frameworks)

Soft Skills & Professional Competencies