Senior SIEM Architect/SME

Dragonfli Group•Washington, DC

16d

About The Position

Dragonfli Group is an elite cybersecurity and IT advisory firm specializing in security operations, architecture, governance, and technology implementation for enterprise and regulated industry clients. We are a certified small business with deep experience across federal, financial services, utilities, and professional services sectors. Dragonfli seeks a Senior SIEM SME for an 8-week SIEM consolidation and architecture assessment engagement with an enterprise delivery project. The project's client operates a complex multi-vendor security monitoring environment and requires a defensible, data-driven vendor recommendation and implementation roadmap ahead of major contract renewal decisions. Follow-On Potential This engagement is Phase 1 of a larger program. Phase 2 is a full SIEM implementation — platform migration, log source onboarding, detection rule migration, and cutover. That work is significantly larger in scope and hours. Strong performers on this engagement will be first consideration for Phase 2 and for ongoing roles within Dragonfli's growing security operations practice.

Requirements

7+ years of hands-on SIEM experience — architecture, deployment, and ongoing operations
Deep platform expertise in at least two of: Splunk (Enterprise or Cloud), Microsoft Sentinel, Rapid7 InsightIDR
Experience evaluating SIEM platforms in an enterprise environment — vendor scoring, cost modeling, architecture trade-off analysis
Ability to produce client-ready written deliverables: findings summaries, recommendation reports, architecture overviews
Comfortable presenting and defending technical analysis in front of a client security team
Experience working independently on tight timelines with minimal oversight
Ability to mentor and develop a junior team member

Nice To Haves

Experience with SentinelOne Singularity or comparable XDR/data lake platforms
Background in regulated industries: financial services, legal, healthcare, or federal government
Familiarity with Cribl Stream or data routing/tiering architectures
CISSP, GCTI, Splunk Certified Architect, or comparable certification

Responsibilities

Lead all current state analysis: ingest volume baseline, use case library maturity audit, XDR/SIEM convergence analysis, data lake evaluation, DLP posture assessment, and retention gap analysis
Populate and validate a proprietary multi-vendor SIEM scoring dashboard using actual client contract and usage data
Build a 3-year total cost of ownership model across five vendor platforms
Produce the following deliverables under the direction of the Engagement Lead: Current State Findings Summary, Vendor Recommendation Report, Target State Architecture Overview, SIEM Assessment Dashboard, Phase 2 Roadmap Framework
Participate in and provide technical defense during two client-facing working sessions (90 min each, video call)
Mentor a junior Cybersecurity Engineer Analyst on the team throughout the engagement
Work directly alongside the Dragonfli Engagement Lead (CEO) on all client interactions