Cybersecurity Architect

Hansen Talent Group
yesterday

Role details

Contract type
Temporary to permanent
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English

Job location

Remote

Tech stack

ARM
Bash
Computer Security
Intrusion Detection and Prevention
Python
Linux Security Modules
Performance Tuning
Powershell
Runbook
Security Information and Event Management
Systems Integration
Mitre Att&ck
Information Technology
Cybercrime
Tools for Reporting

Job description

Hansen Talent Group is hiring a Cybersecurity Architect to support enterprise security monitoring, threat detection, and incident response initiatives for a large statewide security program.

This role is ideal for a cybersecurity professional with expertise in detection engineering, SIEM content development, threat hunting, and security operations. The successful candidate will help strengthen detection capabilities across multiple agencies by developing, tuning, and maintaining advanced security detections while collaborating closely with SOC analysts, threat hunters, and security engineering teams.

What You'll Do

  • Review, analyze, and tune existing security detection rules within the enterprise SIEM platform
  • Conduct detection gap assessments and identify opportunities to improve security monitoring coverage
  • Design, develop, test, and implement new detection content and use cases
  • Monitor threat intelligence sources and translate emerging threats into actionable detection capabilities
  • Partner with Security Operations Center (SOC) analysts to create, optimize, and validate detection rules
  • Collaborate with threat hunting teams to identify and remediate detection coverage gaps
  • Develop dashboards, reporting solutions, and security metrics to support operational visibility
  • Document processes, runbooks, troubleshooting procedures, and detection engineering best practices
  • Support SOAR integrations and automation initiatives to improve security operations efficiency
  • Engage directly with state agencies to support and improve adoption of centralized security services
  • Coordinate with cybersecurity engineering teams, SOC personnel, and agency stakeholders to achieve program objectives
  • Provide ongoing recommendations for improving security monitoring effectiveness and operational maturity
  • Work on enterprise-scale cybersecurity initiatives with broad impact
  • Collaborate with experienced SOC analysts, threat hunters, and security engineers
  • Opportunity to build advanced detection capabilities and improve security operations maturity
  • Long-term engagement with potential for extension on a highly visible cybersecurity program

Requirements

  • Bachelor's degree in Information Technology, Information Security, Cybersecurity, or related field
  • Equivalent experience may be substituted, including 8 years of relevant professional experience in lieu of degree requirements
  • Experience supporting large-scale IT environments, security operations, or enterprise security deployments
  • Hands-on experience with scripting and automation using Python, PowerShell, Bash, or similar languages
  • Experience developing, tuning, and maintaining SIEM detections and security monitoring content
  • Strong understanding of threat detection methodologies and security operations processes
  • Experience creating dashboards, reports, and operational metrics
  • Strong communication and customer service skills with the ability to work directly with agency stakeholders
  • Experience working within large enterprise or multi-tenant environments
  • Experience supporting multi-agency, enterprise-wide, or shared services cybersecurity programs

Highly Desired Skills

  • Experience with Palo Alto Cortex XSIAM
  • Strong understanding of Sigma and YARA detection languages
  • Experience mapping detections and use cases to the MITRE ATT&CK framework
  • Knowledge of Windows and Linux security artifacts, telemetry, and forensic indicators
  • Experience with SOAR platforms, integrations, and automation workflows
  • Threat hunting experience
  • SIEM engineering and content development experience
  • Experience with detection coverage analysis and security gap assessments
