About the role
Are you ready to make an impact?
West Monroe is seeking a Senior Cybersecurity Architect, Agentic SOC Modernization & AI-Enabled Security Operations to join our Cybersecurity & Enterprise Technology practice. This role is focused on helping clients modernize security operations by designing next-generation SOC capabilities that leverage automation, AI-enabled workflows, agentic security operations, advanced analytics, SIEM/SOAR platforms, threat intelligence, and scalable detection and response processes.
You will help clients move beyond traditional, manually intensive SOC models toward more intelligent, automated, and resilient security operations. This includes assessing current-state SOC capabilities, rationalizing fragmented tooling, designing future-state operating models, defining agent-assisted workflows, improving detection engineering, automating investigation and response processes, and enabling measurable improvements in analyst productivity, detection coverage, and response effectiveness.
You will serve as a trusted advisor to CIOs, CISOs, security operations leaders, technology executives, and cyber defense teams as they transform fragmented security operations into scalable, intelligence-driven, AI-enabled, and human-governed SOC capabilities.
While this role will support clients across industries, there is a strong preference for candidates with experience modernizing SOC capabilities for Energy & Utilities clients, including electric, gas, water, and other critical infrastructure environments. Experience supporting Financial Services, Healthcare, Private Equity, and other highly regulated sectors is also valuable where security operations, regulatory requirements, operational resilience, and risk reduction are critical.
Experience with Google Security Operations / Google SecOps is a plus, but this role is intended to be broader than any single platform. The ideal candidate understands how to design modern SOC capabilities across people, process, data, governance, automation, AI, and technology.
What You’ll Do
Lead Agentic SOC Modernization Strategy
- Assess current-state security operations capabilities across people, process, technology, data, governance, automation, and operating model dimensions.
- Define future-state SOC operating models that incorporate AI-assisted investigation, agentic workflows, automated enrichment, response orchestration, human-in-the-loop decisioning, and continuous improvement.
- Develop SOC modernization roadmaps aligned to business risk, cyber maturity, regulatory obligations, operational resilience goals, staffing models, and technology investments.
- Identify opportunities to reduce alert fatigue, improve analyst efficiency, accelerate investigation and response, increase detection coverage, and improve the quality of security outcomes.
- Evaluate where AI agents, automation, analytics, and orchestration can improve SOC workflows without introducing unacceptable operational, privacy, security, or governance risk.
- Facilitate executive workshops and working sessions with security leadership, infrastructure, cloud, data, application, compliance, risk, and operations stakeholders.
Design AI-Enabled and Agentic SOC Capabilities
- Architect AI-enabled SOC capabilities that support alert triage, evidence gathering, enrichment, summarization, detection authoring, threat hunting, response recommendation, case management, and executive reporting.
- Define agentic SOC use cases that improve security operations outcomes, including autonomous or semi-autonomous investigation support, alert correlation, threat intelligence enrichment, detection tuning, playbook execution, and analyst decision support.
- Design human-in-the-loop controls, escalation points, approval gates, logging, monitoring, and quality assurance processes for agentic security operations.
- Develop operating models for how analysts, engineers, incident responders, threat hunters, SOC managers, and AI-enabled tools work together across the detection and response lifecycle.
- Advise clients on responsible and secure use of AI in security operations, including access control, data protection, model governance, prompt security, output validation, auditability, and operational risk management.
- Help clients define practical AI-enabled SOC use cases that improve detection, response, analyst productivity, cyber resilience, and executive visibility.
Modernize SIEM, SOAR & Detection Engineering
- Architect and improve SIEM, SOAR, security analytics, and case management capabilities across platforms such as Splunk, Microsoft Sentinel, Google SecOps, Palo Alto Cortex, ServiceNow SecOps, CrowdStrike, and similar technologies.
- Build detection engineering strategies aligned to MITRE ATT&CK, threat intelligence, business-critical assets, regulatory priorities, OT/ICS risk scenarios, and client-specific threat models.
- Design alert triage, enrichment, escalation, case management, automated response, and incident workflow capabilities.
- Define threat hunting, detection lifecycle management, detection-as-code, tuning, content governance, and use-case performance measurement practices.
- Establish SOC metrics and KPIs, including mean time to detect, mean time to respond, alert quality, false positive reduction, automation rates, detection coverage, analyst productivity, and operational resilience.
- Develop implementation roadmaps that sequence telemetry onboarding, detection use cases, automation opportunities, workflow changes, analyst enablement, and operational adoption.
Rationalize Security Tooling, Te
Aplyr's read
West Monroe integrates strategy, technology, and operations, attracting professionals keen on driving business transformation through innovative solutions.
What's promising
- Focus on integrating strategy and technology offers diverse career opportunities.
- Strong emphasis on digital transformation aligns with market demand.
- Collaborative culture supports professional growth and innovation.
What to watch
- High-paced consulting environment may lead to work-life balance challenges.
- Client-driven projects can result in unpredictable work hours.
- Limited public information about diversity and inclusion initiatives.
Why West Monroe
- Specializes in blending business strategy with technology implementation.
- Offers niche expertise in energy, utilities, and manufacturing sectors.
- Emphasizes a hands-on approach to client partnership and problem-solving.
Aplyr’s read is generated by AI from public sources.
About West Monroe
West Monroe Partners is a national consulting firm that integrates strategy, technology, and operations to help clients achieve their business goals.