SIEM Architect

Arηs Group – part of Accenture - is a market leader in the management of complex IT projects and systems. Founded in Luxembourg in 2003, we have grown to encompass 12 entities worldwide, employing over 2,500 employees in Luxembourg, Belgium, Greece, Italy, Portugal and Bulgaria. With our focus on getting things done, we help our clients achieve their goals with best-of-breed solutions, superior execution and exceptional services. We offer bespoke software development, data science, infrastructure, digital trust and mobile development to government institutions at national and European level, telecom providers, and financial institutions, among others. Our bold company culture is built around working hard and playing hard, with a flat and agile structure that lends itself to efficiency and employee empowerment. We value our diverse workplace of close-knit teams and provide a place where everyone can be supported to learn and evolve.

ARHS Group – part of Accenture – is looking for a highly motivated and skilled SIEM Architect for one of our clients, a key player in the financial domain.

The ideal candidate will be responsible for driving key initiatives and contributing to the success of our client. This role requires a combination of technical expertise, strategic thinking, and strong communication skills.

Context

Support and advisory services. The primary technologies involved are Splunk, Sentinel, and Elastic.

Taking into account potential changes based on evolving insights from the consultant's assessment, this project aims to facilitate the successful integration of multiple legacy SIEM platforms into a unified and scalable SIEM solution. This will be achieved through the provision of security engineering expertise across detection, data ingestion, and validation activities.

Role & responsibilities

• Conduct assessment and translation of existing detection rules from legacy SIEMs to the target platform.
• Support a RFP to select a SIEM
• Support migration of prioritized data sources, including log validation, parsing, enrichment, and tagging.
• Ensure business-critical alerting and correlation use cases are maintained or enhanced post-migration.
• Collaborate with internal SOC and engineering teams to implement scalable log ingestion pipelines and retention policies.
• Integrate with existing detection-as-code processes and related CI/CD pipelines for rule lifecycle management.
• Implement and test enrichment and contextual tagging using internal and external data sources.
• Assist in configuring federated search and ensuring data remains at rest in its respective environments.
• Validate the performance, fidelity, and coverage of translated detection logic using controlled datasets or historical log replay.
• Provide regular updates, documentation, and knowledge transfer sessions with internal teams.
• Deliver tuning recommendations and support post-migration optimization efforts.

Deliverables 

• Inventory of log sources, detection rules and integrations across legacy SIEM platforms.
• Data source and detection rule migration plan.
• Validated ingestion pipelines and normalized log formats.
• Enrichment and correlation configurations.
• Test definitions and test results including tuning reports for translated detections.
• Final migration summary with coverage validation and open gap tracking.
• Documentation for transitioned components. 

Your profile

• University degree in Computer Science, Cybersecurity, Data Engineering or a related field, or equivalent professional experience. A background in cybersecurity is strongly preferred.
• Strong analytical and problem-solving abilities, with meticulous attention to detail and a demonstrated capacity to work cross-functionally with infrastructure, security, and business teams.
• Excellent communication skills, capable of distilling complex technical details into clear insights for both technical and executive audiences.

Technical skills

• 8–10 years of experience in security architecture roles, with proven expertise in managing and integrating multiple SIEM platforms (e.g., Splunk, Microsoft Sentinel, Elastic).
• Hands-on experience in consolidating SIEM technologies across hybrid cloud and on-prem environments, including normalization of data sources, correlation rule migration, and log pipeline optimization.
• Deep understanding of SIEM architecture, log ingestion pipelines, data parsing and enrichment, and custom alert development.
• Deep experience aligning SIEM configuration and operations with regulatory compliance requirements such as PCI DSS, ISO 27001, HIPAA, and SOC 2, ensuring coverage of mandated logging, monitoring, and alerting controls.
• Strong knowledge of security concepts such as threat detection, data privacy controls, threat modeling, and risk assessment, with an emphasis on how they apply across diverse SIEM ecosystems.
• Experience designing and maintaining scalable data pipelines to support security telemetry ingestion, transformation, storage, and analysis across distributed systems.