Conduit

2050 Partners

www.westmonroe.com

2050 Partners provides program management services and technical support.

Job facts

Location: Chicago; Los Angeles; New York; San Francisco
Department: Technology & Experience
Posted: Jun 15, 2026

Senior Cybersecurity Architect, Agentic SOC Modernization & AI-Enabled Security Operations

at 2050 Partners


Are you ready to make an impact?

West Monroe is seeking a Senior Cybersecurity Architect, Agentic SOC Modernization & AI-Enabled Security Operations to join our Cybersecurity & Enterprise Technology practice. This role is focused on helping clients modernize security operations by designing next-generation SOC capabilities that leverage automation, AI-enabled workflows, agentic security operations, advanced analytics, SIEM/SOAR platforms, threat intelligence, and scalable detection and response processes. 

You will help clients move beyond traditional, manually intensive SOC models toward more intelligent, automated, and resilient security operations. This includes assessing current-state SOC capabilities, rationalizing fragmented tooling, designing future-state operating models, defining agent-assisted workflows, improving detection engineering, automating investigation and response processes, and enabling measurable improvements in analyst productivity, detection coverage, and response effectiveness. 

You will serve as a trusted advisor to CIOs, CISOs, security operations leaders, technology executives, and cyber defense teams as they transform fragmented security operations into scalable, intelligence-driven, AI-enabled, and human-governed SOC capabilities. 

While this role will support clients across industries, there is a strong preference for candidates with experience modernizing SOC capabilities for Energy & Utilities clients, including electric, gas, water, and other critical infrastructure environments. Experience supporting Financial Services, Healthcare, Private Equity, and other highly regulated sectors is also valuable where security operations, regulatory requirements, operational resilience, and risk reduction are critical. 

Experience with Google Security Operations / Google SecOps is a plus, but this role is intended to be broader than any single platform. The ideal candidate understands how to design modern SOC capabilities across people, process, data, governance, automation, AI, and technology. 

 

What You’ll Do 

Lead Agentic SOC Modernization Strategy 

  • Assess current-state security operations capabilities across people, process, technology, data, governance, automation, and operating model dimensions.  
  • Define future-state SOC operating models that incorporate AI-assisted investigation, agentic workflows, automated enrichment, response orchestration, human-in-the-loop decisioning, and continuous improvement.  
  • Develop SOC modernization roadmaps aligned to business risk, cyber maturity, regulatory obligations, operational resilience goals, staffing models, and technology investments.  
  • Identify opportunities to reduce alert fatigue, improve analyst efficiency, accelerate investigation and response, increase detection coverage, and improve the quality of security outcomes.  
  • Evaluate where AI agents, automation, analytics, and orchestration can improve SOC workflows without introducing unacceptable operational, privacy, security, or governance risk.  
  • Facilitate executive workshops and working sessions with security leadership, infrastructure, cloud, data, application, compliance, risk, and operations stakeholders. 

Design AI-Enabled and Agentic SOC Capabilities 

  • Architect AI-enabled SOC capabilities that support alert triage, evidence gathering, enrichment, summarization, detection authoring, threat hunting, response recommendation, case management, and executive reporting.  
  • Define agentic SOC use cases that improve security operations outcomes, including autonomous or semi-autonomous investigation support, alert correlation, threat intelligence enrichment, detection tuning, playbook execution, and analyst decision support.  
  • Design human-in-the-loop controls, escalation points, approval gates, logging, monitoring, and quality assurance processes for agentic security operations.  
  • Develop operating models for how analysts, engineers, incident responders, threat hunters, SOC managers, and AI-enabled tools work together across the detection and response lifecycle.  
  • Advise clients on responsible and secure use of AI in security operations, including access control, data protection, model governance, prompt security, output validation, auditability, and operational risk management.  
  • Help clients define practical AI-enabled SOC use cases that improve detection, response, analyst productivity, cyber resilience, and executive visibility.  

 

Modernize SIEM, SOAR & Detection Engineering 

  • Architect and improve SIEM, SOAR, security analytics, and case management capabilities across platforms such as Splunk, Microsoft Sentinel, Google SecOps, Palo Alto Cortex, ServiceNow SecOps, CrowdStrike, and similar technologies.  
  • Build detection engineering strategies aligned to MITRE ATT&CK, threat intelligence, business-critical assets, regulatory priorities, OT/ICS risk scenarios, and client-specific threat models.  
  • Design alert triage, enrichment, escalation, case management, automated response, and incident workflow capabilities.  
  • Define threat hunting, detection lifecycle management, detection-as-code, tuning, content governance, and use-case performance measurement practices.  
  • Establish SOC metrics and KPIs, including mean time to detect, mean time to respond, alert quality, false positive reduction, automation rates, detection coverage, analyst productivity, and operational resilience.  
  • Develop implementation roadmaps that sequence telemetry onboarding, detection use cases, automation opportunities, workflow changes, analyst enablement, and operational adoption.  

Rationalize Security Tooling, Telemetry & Data Sources 

  • Evaluate security tool portfolios to identify overlapping capabilities, integration gaps, consolidation opportunities, and replace/retain decisions.  
  • Assess SIEM, SOAR, XDR, EDR, threat intelligence, vulnerability management, cloud security, identity, ticketing, and workflow platforms to determine how they support future-state SOC capabilities.  
  • Define ingestion strategies for enterprise telemetry, cloud logs, endpoint data, identity data, network data, SaaS platforms, vulnerability data, application logs, OT/ICS data, and third-party security sources.  
  • Design normalized data models, parsing strategies, correlation logic, enrichment pipelines, analytics workflows, reporting capabilities, and evidence collection processes.  
  • Develop cost, capability, integration, and operational impact analyses to support security tool modernization decisions.  
  • Partner with technology, procurement, finance, security, and risk stakeholders to build actionable tooling roadmaps aligned to renewal windows, architecture dependencies, budget constraints, and business priorities.  
  • Integrate enterprise and OT telemetry into unified SOC monitoring and response environments where applicable.  

Strengthen SOC Governance, Risk & Compliance Alignment 

  • Align SOC modernization efforts to frameworks and regulatory requirements such as NIST CSF, NIST 800-53, ISO 27001, NERC CIP, IEC 62443, HIPAA, GLBA, PCI DSS, and other industry-specific obligations.  
  • Design control validation, audit readiness, evidence collection, logging, monitoring, and reporting capabilities within security operations workflows.  
  • Ensure security monitoring, detection, response, and logging strategies support compliance, resilience, cyber risk management, and executive reporting objectives.  
  • Define governance models for detection content ownership, playbook approval, automation changes, AI-enabled workflows, exception management, escalation paths, and continuous improvement.  
  • Translate complex technical recommendations into executive-level narratives focused on business risk, operational resilience, investment priorities, and measurable outcomes. 

Support Google SecOps and Other Modern SOC Platforms 

  • Support clients evaluating, designing, or implementing modern SOC platforms, including Google Security Operations / Google SecOps, Splunk, Microsoft Sentinel, Palo Alto Cortex, ServiceNow SecOps, and comparable technologies.  
  • Conduct capability assessments, platform fit analyses, and replacement/retain evaluations for legacy SIEM/SOAR and adjacent security tools.  
  • Advise clients on migration considerations from legacy SIEM/SOAR platforms to modern SOC platforms while managing continuity, regulatory requirements, operational risk, and analyst adoption.  
  • Where applicable, design Google SecOps-enabled capabilities for SIEM, SOAR, threat detection, investigation, response, security analytics, and data ingestion.  
  • Define platform implementation roadmaps, including onboarding waves, integration priorities, detection sequencing, automation opportunities, reporting requirements, and operational adoption plans. 

Drive Client & Practice Impact 

  • Serve as a trusted advisor to client executives, security operations leaders, SOC managers, security engineers, and technology stakeholders.  
  • Lead architecture workshops, SOC maturity assessments, platform assessments, operating model design, tooling rationalization, and modernization planning engagements.  
  • Support proposal development, solution design, estimation, delivery planning, and client presentations.  
  • Contribute to West Monroe thought leadership, reference architectures, accelerators, and delivery methods for Agentic SOC modernization, AI-enabled security operations, SIEM/SOAR transformation, detection engineering, and cyber defense modernization.  
  • Mentor team members and help grow West Monroe’s capabilities in modern security operations, AI-enabled cyber defense, SOC transformation, and security platform modernization.  
  • Leverage AI tools to accelerate analysis, synthesize complex information, and support data-driven recommendations for clients, exercising sound judgment of client outcomes.

What You Bring 

  • 7–10+ years of experience in security architecture, security operations, SOC modernization, SIEM/SOAR engineering, detection engineering, incident response, security automation, or cybersecurity consulting.  
  • Experience designing, implementing, or modernizing SOC capabilities in enterprise, regulated, or critical infrastructure environments.  
  • Strong understanding of modern SOC operating models, including detection engineering, alert triage, investigation workflows, threat hunting, incident response, case management, escalation processes, and security operations governance.  
  • Experience designing AI-enabled or automation-enabled security operations capabilities, including analyst assist, enrichment, alert summarization, workflow orchestration, response automation, or agentic SOC use cases.  
  • Strong understanding of SIEM, SOAR, XDR, security telemetry, log ingestion, data normalization, correlation, enrichment, detection content, case management, and incident response workflows.  
  • Experience assessing, rationalizing, and consolidating enterprise cybersecurity tools and developing actionable modernization roadmaps.  
  • Familiarity with enterprise security technologies such as EDR/XDR, IAM, PAM, cloud security, network security, vulnerability management, threat intelligence, DLP, ITSM, and SecOps workflow platforms.  
  • Experience integrating security data from cloud, endpoint, identity, network, application, SaaS, infrastructure, and third-party sources.  
  • Ability to design SOC operating models, analyst workflows, escalation paths, governance processes, control points, and performance metrics.  
  • Familiarity with AI-enabled security operations, automation, analytics, responsible AI, and operational governance considerations.  
  • Experience with governance, risk, and compliance frameworks such as NIST CSF, NIST 800-53, ISO 27001, NERC CIP, IEC 62443, HIPAA, GLBA, PCI DSS, or related standards.  
  • Strong executive communication, stakeholder engagement, facilitation, and consulting skills.  
  • Ability to translate business risk and operational objectives into secure, scalable, and practical security operations architectures.  
  • Willingness to travel for client engagements.  
  • Experience integrating AI tools (e.g., ChatGPT) into day-to-day workflows to enhance productivity and insight generation, coupled with strong critical thinking to assess accuracy, mitigate bias, and ensure high-quality outputs.
  • Must be eligible to work in the United States without the need for sponsorship now or in the future.

Preferred / Plus Qualifications 

  • Prior consulting experience in a client-facing advisory or delivery leadership role.  
  • Experience with Google Security Operations / Google SecOps, Chronicle SIEM, Chronicle SOAR, Google Cloud security services, BigQuery, data pipelines, or security analytics architectures.  
  • Google Security Operations, Google Cloud, or related security certifications.  
  • Experience migrating from legacy SIEM/SOAR platforms to Google SecOps, Splunk, Microsoft Sentinel, Palo Alto Cortex, ServiceNow SecOps, or other modern SOC platforms.  
  • Experience with platforms such as Splunk, Microsoft Sentinel, Google SecOps, ServiceNow SecOps, Palo Alto Cortex, CrowdStrike, Okta, SailPoint, Mandiant, VirusTotal, Wiz, Prisma Cloud, or similar enterprise security tools.  
  • Experience leading or supporting SOC modernization, AI-enabled security operations, SIEM/SOAR transformation, detection engineering, security automation, or security operations improvement programs.  
  • Experience supporting Energy & Utilities clients, including electric, gas, water, critical infrastructure environments, or other highly regulated industries such as Financial Services or Healthcare.  
  • Experience integrating OT/ICS telemetry or operational security monitoring into enterprise SOC environments.  
  • Familiarity with threat intelligence, MITRE ATT&CK, detection-as-code, YARA-L, Sigma, SOAR playbooks, and detection lifecycle management.  
  • Familiarity with agentic AI design patterns, autonomous workflow orchestration, AI governance, responsible AI, model risk management, and security controls for AI-enabled cyber defense.  
  • Relevant certifications such as CISSP, CISM, CCSP, GSEC, GCIA, GCIH, GCFA, Google Cloud security certifications, or similar credentials.  

Candidate Profile Summary 

The ideal candidate is a security operations architect who can operate at both the executive advisory and technical architecture levels. They understand how to assess SOC maturity, rationalize legacy tooling, modernize detection and response capabilities, and design AI-enabled, agent-assisted, and automation-driven security operations. 

This person should be comfortable helping clients move from fragmented, manual, and platform-centric SOC models toward integrated, intelligence-driven, human-governed, and agentic SOC capabilities. They can define practical use cases, design operating models, guide platform modernization, improve detection engineering, and translate technical security operations improvements into measurable business risk reduction. 

Experience with Google SecOps is valuable and preferred, but the broader need is for someone who can design and lead SOC modernization across platforms, operating models, telemetry strategies, automation, AI-enabled workflows, governance, and client-specific risk priorities. 

Based on pay transparency guidelines, the salary range for this role can vary based on your proximity to one of our West Monroe offices (see table below). Information on our competitive total rewards package, including our bonus structure and benefits is here. Individual salaries are determined by evaluating a variety of factors including geography, experience, skills, education, and internal equity.

Employees (and their families) are covered by medical, dental, vision, and basic life insurance. Employees are able to enroll in our company’s 401k plan, purchase shares from our employee stock ownership program and be eligible to receive annual bonuses. Employees will also receive unlimited flexible time off and ten paid holidays throughout the calendar year. Eligibility for ten weeks of paid parental leave will also be available upon hire date. 

Seattle or Washington, D.C.: $203,200–$239,100 USD
Los Angeles: $212,900–$250,500 USD
New York City or San Francisco: $222,500–$261,900 USD
A location not listed above: $193,500–$227,700 USD

 

Other consultancies talk at you.
At West Monroe, we work with you.

We’re a global business and technology consulting firm passionate about creating measurable value for our clients, delivering real-world solutions.

The combination of business and technology is not new, but how we bring them together is unique. We’re fluent in both. We know that technology alone is not the answer, but how we apply it is. We rely on data to constantly adapt and solve new challenges. Actions that work today with outcomes that generate value for years to come.

At West Monroe, we zero in on the heart of the opportunity, getting to results faster and preparing people for what’s next.

You’ll feel the difference in how we work. We show up personally. We’re right there in the room with you, co-creating through the challenges. With West Monroe, collaboration isn’t a lofty promise, but a daily action. We work together with you to turn vision into clear action with lasting impact.

 

West Monroe is an Equal Employment Opportunity Employer  
We believe in treating each employee and applicant for employment fairly and with dignity. We base our employment decisions on merit, experience, and potential, without regard to race, color, national origin, sex, sexual orientation, gender identity, marital status, age, religion, disability, veteran status, or any other characteristic prohibited by federal, state or local law. To learn more about diversity, equity and inclusion at West Monroe, visit www.westmonroe.com/inclusion. If you require a reasonable accommodation to participate in our recruiting process, please inquire by sending an email to recruiting@westmonroe.com.

Please review our current policy regarding use of generative artificial intelligence during the application process.

If you are based in California, we encourage you to read West Monroe’s Notice at Collection for California residents, provided pursuant to the California Consumer Privacy Act (CCPA) and linked here.