Security Data Architect - SIEM Pipeline

- Design scalable and reusable security telemetry pipelines utilizing Cribl, NiFi, Vector, and similar platforms, ensuring consistent data ingestion across 100 diverse sources. - Develop platform-agnostic ingestion frameworks and modular patterns that support various protocols and destinations (syslog, HTTP, Event Hubs, Snowflake, ADX, etc.). - Create multi-year ingestion and transformation roadmaps, incorporating modernization phases, platform standards, and scalable architectural guidelines. - Establish enterprise governance models for schema evolution, onboarding new data sources, quality of transformation, and version control. - Drive platform consolidation by identifying redundant ingestion methods and merging them into unified enterprise frameworks. - Create reference architectures, reusable design patterns, and standardized pipeline templates that will be adopted by all engineering teams. - Provide technical mentorship to senior engineers, fostering architectural thinking and advanced system design approaches. - Influence strategies across the organization by aligning ingestion and transformation capabilities with threat detection, compliance, SIEM modernization, and analytics roadmaps. - Assess emerging technologies for fit, integration strategies, and long-term viability for large-scale telemetry processing. - Lead the adoption of OCSF-based normalization, encompassing field mapping, schema validation, and portable transformation templates. - Implement advanced data transformation logic (filtering, enrichment, routing, format conversion) using Groovy, Python, or JavaScript while ensuring stringent governance and security measures. - Ensure complete data lineage and traceability throughout all stages of ingestion, transformation, and storage, including metadata tagging and audit-ready tracking. - Integrate observability at the pipeline level: health monitoring, error management, transformation failure alerts, and anomaly detection. - Validate high fidelity data delivery to analytics and SIEM platforms, minimizing issues such as data loss, duplication, and drift. - Lead collaborative design sessions, technology assessments, and architecture reviews for expansive security telemetry frameworks. - Maintain comprehensive documentation related to ingestion methods, schema definitions, transformations, and governance standards.