Security Incident & Event Management (SIEM) Architect - W2 Contract bei Burwood Group, Inc

Who We Are 

Burwood Group is not your average technology consulting firm. We are an innovative, culture-driven industry leader, that helps companies use and manage technology to transform business and improve outcomes. Founded in 1997, headquartered in Chicago, we've grown to be a 200+ employee firm with team members and offices spread from Southern California to North Carolina. 

Burwood fosters a culture that applauds both teamwork and personal growth. We’ve cultivated an incredible team of people who are dedicated to their craft and passionate about using their skills to impact the success of the company. Join our team and build a career as unique as you are. 

Role Type: SIEM Architect – W2 Contractor
Work Status: Only open to US Citizen, Green Card holder 
Term: 6 months
Start: Upon completion of a required Federal Background Check 
Location: Hybrid, San Diego, CA
Other Requirements: Security Clearance, Valid DL

What You’ll Do

As a non-exempt/hourly employee at Burwood, the SIEM Architect will partner with Burwood team members and work directly with our end client. The successful candidate will lead the design, deployment, and operationalization of SIEM solutions, while providing expertise in platform evaluation, technical build documentation, data ingestion strategies, and ongoing operational support. In addition to:

• Lead the design and proposal of a SIEM solution, with a focus on Microsoft Sentinel and alternative platforms.
• Produce a comparative SIEM proposal, including a decision matrix (capabilities, deployment speed, extensibility, detection content, SOAR integration, compliance fit, and total cost of ownership).
• Develop detailed technical build instructions, including deployment in Azure Commercial and Government environments, workspace strategy, connectors, KQL parsing, cost controls, and SOAR integration.
• Document multi-tenant management via Azure Lighthouse, and alternative SIEM deployment with IaC templates and scripts.
• Define strategies for offline/air-gapped log collection, including secure file transfers, hashing, buffering, and chain-of-custody documentation.
• Design and deliver a pilot plan with success metrics, operating runbooks, lifecycle management, tuning, and incident response workflows.
• Present findings to both technical and executive stakeholders.

Who You Are

The ideal candidate will demonstrate a proven track record of success in the following areas:

• 5–8+ years in SIEM architecture/engineering and security operations support.
• Proven hands-on deployment of Microsoft Sentinel and Azure Lighthouse in Azure Commercial and Azure Government/GCC High environments.
• Strong KQL and Sentinel content engineering (Analytics Rules, UEBA, Workbooks, Playbooks/Logic Apps, Watchlists, Content Hub).
• Experience with at least one alternative SIEM (e.g., Splunk ES, QRadar, Elastic Security, Sumo Logic, Exabeam, LogRhythm), including parsing/normalization (e.g., CIM/ECS), rule development, and platform sizing.
• Offline / third-party log collection expertise: Cribl Stream/Edge, NXLog, syslog-ng/rsyslog, Splunk UF, Beats/Logstash, WEF, secure file-based ingestion and integrity controls.
• Familiarity with NIST 800‑53/171, CMMC 2.0, FedRAMP High considerations and operating constraints typical of GCC High/Azure Government tenants.
• Infrastructure-as-Code and automation skills: Bicep, ARM, Terraform, PowerShell, Python; Git-based workflows.
• Excellent client-facing communication, proposal writing, and workshop facilitation skills.
• Ability to work on-site in San Diego, CA, as needed (estimated 2–3 days/week during key phases).

The TECH Stuff

• SME in SIEM platforms, with hands-on Microsoft Sentinel and at least two others (Splunk, QRadar, Elastic, Exabeam, Sumo Logic, or LogRhythm).
• Strong background in Azure deployments (Commercial/Gov), workspace design, data connectors, and KQL parsing.
• SOAR integration expertise (Sentinel playbooks, Logic Apps, or third-party tools) with runbooks and IR workflows.
• Skilled in Infrastructure as Code (IaC) (Terraform, Bicep, ARM templates, PowerShell) and Azure Lighthouse multi-tenant management.
• Knowledge of log collection strategies (online/offline/air-gapped), secure transfers, chain-of-custody, and data normalization (Syslog, CEF, JSON).

The PERKS 

As a contract team member, Burwood offers the following benefits:

• 401(k) and Roth 401(k) savings plan, complete with a company match
• Health, dental, and vision insurance

We are Committed to Inclusion & Belonging

We are not intent on being the largest company, but rather, the best. These are the words we live by. This means we welcome all the best talent - regardless of gender, race, ethnicity, sexual orientation, disability, religion, and age. 

Being open to all cultural backgrounds, life experiences, thoughts, and ideas not only strengthens company culture but also encourages different-in-kind thinking and promotes economic success.