Security Monitoring Consultant
  • England, South West, Gloucestershire
  • Full Time, Permanent
  • £70,000 - £100,000 per annum
Job Description:
The Opportunity
I’m working with a fast-growing consultancy that specialises in helping organisations make sense of complex technology data and monitoring environments within the technology sector.
They’re looking to appoint a Security Monitoring Consultant to work closely with customers across security monitoring and/or observability initiatives. This is a client-facing role focused on discovery, solution design, and supporting delivery of scalable telemetry pipelines that reduce noise, manage cost, and improve outcomes.
What you’ll do
Front-of-house discovery & shaping
*Lead discovery workshops to understand sources, volumes, constraints, stakeholders, governance, and the real question: What value are we trying to deliver?
*Produce decision-grade outputs: current state, target state, roadmap, sprint backlog and a clear "definition of done".
*Translate between exec outcomes and engineer reality: cost, risk, resilience, detection efficacy, operational overhead.
Back-of-house delivery
Design telemetry pipelines end to end (collect → process → route → store), including:
*Collection: agents/collectors, APIs, syslog, cloud-native sources
*Routing: multi-destination delivery, buffering/retry, backpressure, failure modes
*Transformation: parsing, enrichment, filtering, masking/redaction (PII)
*Standardisation: OpenTelemetry semantic conventions; OCSF mapping for security events where relevant
*Quality: validation, sampling, acceptance criteria, rollback plans
Ideate Service Definitions & Deploy artefacts
*Design – service definitions – design patterns – that can be used as part of both their discovery and design front-of-house phases
*Deploy – artefacts and tooling – used by our engineers to deploy
You’ll help us standardise "OEM-operate" patterns across multiple platforms by creating:
*onboarding patterns, runbooks + health checks
*upgrade & patch approaches
*support boundaries & SLAs
*"minimum viable operate" checklists per platform
Choose Your Primary Lens
(One required — experience in both is advantageous)
Security / SIEM
*Telemetry-to-use-case mapping
*Threat detection concepts and lifecycle awareness
*Event normalisation and structured security data models
Observability / ITOps
*Distributed systems and service-level thinking
*Metrics, logs, and traces correlation
*KPIs, SLIs, and SLOs
*Incident and problem management approaches
Technical backbone (you’ll be credible with engineers)
You should be able to, and have experience of, taking a messy ingest problem and producing a practical design that engineers can implement. This includes designing:
*telemetry pipeline architectures: receivers → processors → exporters (OTel Collector model)
*pipeline tooling and patterns (e.g. Cribl Stream/Edge/Lake style: reduce/enrich/route to any destination, or other data pipeline tools)
*cost/noise optimisation: what drives ingest cost, reducing low-value telemetry, retention/lifecycle strategy
*security lake / long retention approaches (e.g., Amazon Security Lake (OCSF) + S3/Parquet; lakehouse stacks like Databricks/Snowflake/Trino/Athena)
*open detection layer awareness (e.g., OpenSearch Security Analytics; Splunk ES/ESCU where relevant)
Background That Fits Well
You might come from:
*data/telemetry engineering in a product company — and you’ve been the person who speaks to stakeholders
*consultancy/SI/MSP — and you want more ownership, less hierarchy, more building
*SRE/platform/data engineering that’s become increasingly customer-facing
What They’re Looking For
*Confident communicator in client-facing environments
*Organised and able to manage multiple workstreams
*Practical, delivery-focused mindset
*Curious, adaptable, and keen to improve how things are done
*Strong judgement and collaborative approach
Why Apply?
*High-impact consulting role with genuine ownership
*Influence over how solutions are designed and delivered
*Exposure to both security and observability disciplines
*Hybrid working model
*Competitive salary and benefits
Job number 3388179