Senior Cybersecurity Architect, Agentic SOC Modernization & AI-Enabled Security Operations
Los Angeles, CA - USA
Job Summary
Are you ready to make an impact?
West Monroe is seeking a Senior Cybersecurity Architect, Agentic SOC Modernization & AI-Enabled Security Operations, to join our Cybersecurity & Enterprise Technology practice. This role is focused on helping clients modernize security operations by designing next-generation SOC capabilities that leverage automation, AI-enabled workflows, agentic security operations, advanced analytics, SIEM/SOAR platforms, threat intelligence, and scalable detection and response processes.
You will help clients move beyond traditional, manually intensive SOC models toward more intelligent, automated, and resilient security operations. This includes assessing current-state SOC capabilities, rationalizing fragmented tooling, designing future-state operating models, defining agent-assisted workflows, improving detection engineering, automating investigation and response processes, and enabling measurable improvements in analyst productivity, detection coverage, and response effectiveness.
You will serve as a trusted advisor to CIOs, CISOs, security operations leaders, technology executives, and cyber defense teams as they transform fragmented security operations into scalable, intelligence-driven, AI-enabled, and human-governed SOC capabilities.
While this role will support clients across industries, there is a strong preference for candidates with experience modernizing SOC capabilities for Energy & Utilities clients, including electric, gas, water, and other critical infrastructure environments. Experience supporting Financial Services, Healthcare, Private Equity, and other highly regulated sectors is also valuable where security operations, regulatory requirements, operational resilience, and risk reduction are critical.
Experience with Google Security Operations / Google SecOps is a plus, but this role is intended to be broader than any single platform. The ideal candidate understands how to design modern SOC capabilities across people, process, data, governance, automation, AI, and technology.
What You'll Do
Lead Agentic SOC Modernization Strategy
- Assess current-state security operations capabilities across people, process, technology, data, governance, automation, and operating model dimensions.
- Define future-state SOC operating models that incorporate AI-assisted investigation, agentic workflows, automated enrichment, response orchestration, human-in-the-loop decisioning, and continuous improvement.
- Develop SOC modernization roadmaps aligned to business risk, cyber maturity, regulatory obligations, operational resilience goals, staffing models, and technology investments.
- Identify opportunities to reduce alert fatigue, improve analyst efficiency, accelerate investigation and response, increase detection coverage, and improve the quality of security outcomes.
- Evaluate where AI agents, automation, analytics, and orchestration can improve SOC workflows without introducing unacceptable operational, privacy, security, or governance risk.
- Facilitate executive workshops and working sessions with security leadership, infrastructure, cloud, data, application, compliance, risk, and operations stakeholders.
Design AI-Enabled and Agentic SOC Capabilities
- Architect AI-enabled SOC capabilities that support alert triage, evidence gathering, enrichment, summarization, detection authoring, threat hunting, response recommendation, case management, and executive reporting.
- Define agentic SOC use cases that improve security operations outcomes, including autonomous or semi-autonomous investigation support, alert correlation, threat intelligence enrichment, detection tuning, playbook execution, and analyst decision support.
- Design human-in-the-loop controls, escalation points, approval gates, logging, monitoring, and quality assurance processes for agentic security operations.
- Develop operating models for how analysts, engineers, incident responders, threat hunters, SOC managers, and AI-enabled tools work together across the detection and response lifecycle.
- Advise clients on responsible and secure use of AI in security operations, including access control, data protection, model governance, prompt security, output validation, auditability, and operational risk management.
- Help clients define practical AI-enabled SOC use cases that improve detection, response, analyst productivity, cyber resilience, and executive visibility.
Modernize SIEM, SOAR & Detection Engineering
- Architect and improve SIEM, SOAR, security analytics, and case management capabilities across platforms such as Splunk, Microsoft Sentinel, Google SecOps, Palo Alto Cortex, ServiceNow SecOps, CrowdStrike, and similar technologies.
- Build detection engineering strategies aligned to MITRE ATT&CK, threat intelligence, business-critical assets, regulatory priorities, OT/ICS risk scenarios, and client-specific threat models.
- Design alert triage, enrichment, escalation, case management, automated response, and incident workflow capabilities.
- Define threat hunting, detection lifecycle management, detection-as-code, tuning, content governance, and use-case performance measurement practices.
- Establish SOC metrics and KPIs, including mean time to detect, mean time to respond, alert quality, false positive reduction, automation rates, detection coverage, analyst productivity, and operational resilience.
- Develop implementation roadmaps that sequence telemetry onboarding, detection use cases, automation opportunities, workflow changes, analyst enablement, and operational adoption.
Rationalize Security Tooling, Telemetry & Data Sources
- Evaluate security tool portfolios to identify overlapping capabilities, integration gaps, consolidation opportunities, and replace/retain decisions.
- Assess SIEM, SOAR, XDR, EDR, threat intelligence, vulnerability management, cloud security, identity, ticketing, and workflow platforms to determine how they support future-state SOC capabilities.
- Define ingestion strategies for enterprise telemetry, cloud logs, endpoint data, identity data, network data, SaaS platforms, vulnerability data, application logs, OT/ICS data, and third-party security sources.
- Design normalized data models, parsing strategies, correlation logic, enrichment pipelines, analytics workflows, reporting capabilities, and evidence collection processes.
- Develop cost, capability, integration, and operational impact analyses to support security tool modernization decisions.
- Partner with technology, procurement, finance, security, and risk stakeholders to build actionable tooling roadmaps aligned to renewal windows, architecture dependencies, budget constraints, and business priorities.
- Integrate enterprise and OT telemetry into unified SOC monitoring and response environments where applicable.
Strengthen SOC Governance, Risk & Compliance Alignment
- Align SOC modernization efforts to frameworks and regulatory requirements such as NIST CSF, NIST 800-53, ISO 27001, NERC CIP, IEC 62443, HIPAA, GLBA, PCI DSS, and other industry-specific obligations.
- Design control validation, audit readiness, evidence collection, logging, monitoring, and reporting capabilities within security operations workflows.
- Ensure security monitoring, detection, response, and logging strategies support compliance, resilience, cyber risk management, and executive reporting objectives.
- Define governance models for detection content ownership, playbook approval, automation changes, AI-enabled workflows, exception management, escalation paths, and continuous improvement.
- Translate complex technical recommendations into executive-level narratives focused on business risk, operational resilience, investment priorities, and measurable outcomes.
Support Google SecOps and Other Modern SOC Platforms
- Support clients evaluating, designing, or implementing modern SOC platforms, including Google Security Operations / Google SecOps, Splunk, Microsoft Sentinel, Palo Alto Cortex, ServiceNow SecOps, and comparable technologies.
- Conduct capability assessments, platform fit analyses, and replacement/retain evaluations for legacy SIEM/SOAR and adjacent security tools.
- Advise clients on migration considerations from legacy SIEM/SOAR platforms to modern SOC platforms while managing continuity, regulatory requirements, operational risk, and analyst adoption.
- Where applicable, design Google SecOps-enabled capabilities for SIEM, SOAR, threat detection, investigation, response, security analytics, and data ingestion.
- Define platform implementation roadmaps, including onboarding waves, integration priorities, detection sequencing, automation opportunities, reporting requirements, and operational adoption plans.
Drive Client & Practice Impact
- Serve as a trusted advisor to client executives, security operations leaders, SOC managers, security engineers, and technology stakeholders.
- Lead architecture workshops, SOC maturity assessments, platform assessments, operating model design, tooling rationalization, and modernization planning engagements.
- Support proposal development, solution design, estimation, delivery planning, and client presentations.
- Contribute to West Monroe thought leadership, reference architectures, accelerators, and delivery methods for Agentic SOC modernization, AI-enabled security operations, SIEM/SOAR transformation, detection engineering, and cyber defense modernization.
- Mentor team members and help grow West Monroe's capabilities in modern security operations, AI-enabled cyber defense, SOC transformation, and security platform modernization.
- Leverage AI tools to accelerate analysis, synthesize complex information, and support data-driven recommendations for clients, exercising sound judgment about client outcomes.
What You Bring
- 7-10 years of experience in security architecture, security operations, SOC modernization, SIEM/SOAR engineering, detection engineering, incident response, security automation, or cybersecurity consulting.
- Experience designing, implementing, or modernizing SOC capabilities in enterprise, regulated, or critical infrastructure environments.
- Strong understanding of modern SOC operating models, including detection engineering, alert triage, investigation workflows, threat hunting, incident response, case management, escalation processes, and security operations governance.
- Experience designing AI-enabled or automation-enabled security operations capabilities, including analyst assist, enrichment, alert summarization, workflow orchestration, response automation, or agentic SOC use cases.
- Strong understanding of SIEM, SOAR, XDR, security telemetry, log ingestion, data normalization, correlation, enrichment, detection content, case management, and incident response workflows.
- Experience assessing, rationalizing, and consolidating enterprise cybersecurity tools and developing actionable modernization roadmaps.
- Familiarity with enterprise security technologies such as EDR/XDR, IAM, PAM, cloud security, network security, vulnerability management, threat intelligence, DLP, ITSM, and SecOps workflow platforms.
- Experience integrating security data from cloud, endpoint, identity, network, application, SaaS, infrastructure, and third-party sources.
- Ability to design SOC operating models, analyst workflows, escalation paths, governance processes, control points, and performance metrics.
- Familiarity with AI-enabled security operations, automation, analytics, responsible AI, and operational governance considerations.
- Experience with governance, risk, and compliance frameworks such as NIST CSF, NIST 800-53, ISO 27001, NERC CIP, IEC 62443, HIPAA, GLBA, PCI DSS, or related standards.
- Strong executive communication, stakeholder engagement, facilitation, and consulting skills.
- Ability to translate business risk and operational objectives into secure, scalable, and practical security operations architectures.
- Willingness to travel for client engagements.
- Experience integrating AI tools into day-to-day workflows to enhance productivity and insight generation, coupled with strong critical thinking to assess accuracy, mitigate bias, and ensure high-quality outputs.
- Must be eligible to work in the United States without the need for sponsorship now or in the future.
Preferred / Plus Qualifications
- Prior consulting experience in a client-facing advisory or delivery leadership role.
- Experience with Google Security Operations / Google SecOps, Chronicle SIEM, Chronicle SOAR, Google Cloud security services, BigQuery, data pipelines, or security analytics architectures.
- Google Security Operations, Google Cloud, or related security certifications.
- Experience migrating from legacy SIEM/SOAR platforms to Google SecOps, Splunk, Microsoft Sentinel, Palo Alto Cortex, ServiceNow SecOps, or other modern SOC platforms.
- Experience with platforms such as Splunk, Microsoft Sentinel, Google SecOps, ServiceNow SecOps, Palo Alto Cortex, CrowdStrike, Okta, SailPoint, Mandiant, VirusTotal, Wiz, Prisma Cloud, or similar enterprise security tools.
- Experience leading or supporting SOC modernization, AI-enabled security operations, SIEM/SOAR transformation, detection engineering, security automation, or security operations improvement programs.
- Experience supporting Energy & Utilities clients, including electric, gas, water, and critical infrastructure environments, or other highly regulated industries such as Financial Services or Healthcare.
- Experience integrating OT/ICS telemetry or operational security monitoring into enterprise SOC environments.
- Familiarity with threat intelligence, MITRE ATT&CK, detection-as-code, YARA-L, Sigma, SOAR playbooks, and detection lifecycle management.
- Familiarity with agentic AI design patterns, autonomous workflow orchestration, AI governance, responsible AI, model risk management, and security controls for AI-enabled cyber defense.
- Relevant certifications such as CISSP, CISM, CCSP, GSEC, GCIA, GCIH, GCFA, Google Cloud security certifications, or similar credentials.
Candidate Profile Summary
The ideal candidate is a security operations architect who can operate at both the executive advisory and technical architecture levels. They understand how to assess SOC maturity, rationalize legacy tooling, modernize detection and response capabilities, and design AI-enabled, agent-assisted, and automation-driven security operations.
This person should be comfortable helping clients move from fragmented, manual, and platform-centric SOC models toward integrated, intelligence-driven, human-governed, and agentic SOC capabilities. They can define practical use cases, design operating models, guide platform modernization, improve detection engineering, and translate technical security operations improvements into measurable business risk reduction.
Experience with Google SecOps is valuable and preferred, but the broader need is for someone who can design and lead SOC modernization across platforms, operating models, telemetry strategies, automation, AI-enabled workflows, governance, and client-specific risk priorities.
Based on pay transparency guidelines, the salary range for this role can vary based on your proximity to one of our West Monroe offices (see table below). Information on our competitive total rewards package, including our bonus structure and benefits, is here. Individual salaries are determined by evaluating a variety of factors, including geography, experience, skills, education, and internal equity.
Employees (and their families) are covered by medical, dental, vision, and basic life insurance. Employees are able to enroll in our company's 401k plan, purchase shares from our employee stock ownership program, and be eligible to receive annual bonuses. Employees will also receive unlimited flexible time off and ten paid holidays throughout the calendar year. Eligibility for ten weeks of paid parental leave will also be available upon hire date.
Seattle or Washington D.C.: $203,200 - $239,100 USD
Los Angeles: $212,900 - $250,500 USD
New York City or San Francisco: $222,500 - $261,900 USD
A location not listed above: $193,500 - $227,700 USD
Other consultancies talk at you.
At West Monroe we work with you.
We're a global business and technology consulting firm passionate about creating measurable value for our clients, delivering real-world solutions.
The combination of business and technology is not new, but how we bring them together is unique. We're fluent in both. We know that technology alone is not the answer, but how we apply it is. We rely on data to constantly adapt and solve new challenges. Actions that work today, with outcomes that generate value for years to come.
At West Monroe, we zero in on the heart of the opportunity, getting to results faster and preparing people for what's next.
You'll feel the difference in how we work. We show up personally. We're right there in the room with you, co-creating through the challenges. With West Monroe, collaboration isn't a lofty promise but a daily action. We work together with you to turn vision into clear action with lasting impact.
West Monroe is an Equal Employment Opportunity Employer
We believe in treating each employee and applicant for employment fairly and with dignity. We base our employment decisions on merit, experience, and potential, without regard to race, color, national origin, sex, sexual orientation, gender identity, marital status, age, religion, disability, veteran status, or any other characteristic prohibited by federal, state, or local law. To learn more about diversity, equity, and inclusion at West Monroe, visit [link]. If you require a reasonable accommodation to participate in our recruiting process, please inquire by sending an email to [email address].
Please review our current policy regarding use of generative artificial intelligence during the application process.
If you are based in California, we encourage you to read West Monroe's Notice at Collection for California residents, provided pursuant to the California Consumer Privacy Act (CCPA) and linked here.
Required Experience:
Senior IC