Senior Consultant – Security Data Pipeline, SIEM & Data Engineering
About the client:
Our client is a major enterprise driving innovation in security operations and data engineering. This role is pivotal in delivering scalable, resilient logging and SOC onboarding architectures for next-generation security operations.
About the role:
We are seeking a Senior Consultant / Specialist to lead Log Rationalisation and SOC Onboarding projects. You’ll design, implement, and optimise security data pipelines, data lakes, and SIEM platforms, enabling cost efficiency and operational resilience for advanced SOC operations.
Key Responsibilities:
• Design and implement security data pipelines (Cribl, Splunk DMX, Kafka-based).
• Architect and optimise Security Data Lakes (AWS Security Lake, Snowflake, Delta Lake).
• Configure and manage SIEM platforms (Splunk, Microsoft Sentinel, or equivalent).
• Develop log rationalisation, enrichment, suppression, and parsing strategies.
• Build and manage data ingestion frameworks, schema management, and ETL/ELT pipelines.
• Enable federated search and cross-platform analytics across SIEMs and data lakes.
• Support SOC onboarding by integrating SIEM pipelines with SOAR, TI, and case management systems.
• Conduct readiness validation and performance benchmarking of logging and SOC onboarding architectures.
• Provide knowledge transfer, documentation, and operational playbooks.
Required Experience:
• 5+ years’ experience in security operations engineering, SIEM, or data platforms.
• Data engineering expertise in log ingestion, schema transformation, and distributed systems.
• Strong expertise with at least one security data pipeline (Cribl Stream, Splunk DMX, Fluentd, Logstash).
• Hands-on experience with data lakes (AWS Security Lake, Snowflake, Microsoft Fabric, Delta Lake).
• Proficiency in SIEM platforms (Splunk Cloud/Enterprise Security, Microsoft Sentinel).
• Strong scripting and automation skills (Python, SQL, PowerShell).
• Familiarity with cloud environments (AWS, Azure, GCP).
• Strong experience with SOC onboarding workflows and integrations (ticketing, SOAR, TI).
• Excellent communication and documentation skills.
What’s on offer?
This is a 12- month initial contract opportunity with likelihood of extensions available in Melbourne, Victoria. You’ll play a key part in delivering robust, scalable security data solutions in a dynamic, high-impact environment.
How to Apply
Please upload your CV to apply. For direct enquiries about the role, contact Farbar Siddiq at farbars@whizdom.com.au
or 0489 922 211.
Suitable candidates will be contacted with next steps. You may be required to complete selection criteria as part of the application process.
