The Opportunity

I'm working with a fast-growing consultancy that specialises in helping organisations make sense of complex technology data and monitoring environments within the technology sector.

They're looking to appoint a Security Monitoring Consultant to work closely with customers across security monitoring and/or observability initiatives. This is a client-facing role focused on discovery, solution design, and supporting delivery of scalable telemetry pipelines that reduce noise, manage cost, and improve outcomes.

What you'll do

Front-of-house Discovery & shaping

- Lead discovery workshops to understand sources, volumes, constraints, stakeholders, governance, and the real question: What value are we trying to deliver?
- Produce decision-grade outputs: current state, target state, roadmap, sprint backlog and a clear "definition of done".
- Translate between exec outcomes and engineer reality: cost, risk, resilience, detection efficacy, operational overhead.

Back-of-house delivery

Design telemetry pipelines from end to end (collect → process → route → store), including:

- Collection: agents/collectors, APIs, syslog, cloud-native sources
- Routing: multi-destination delivery, buffering/retry, backpressure, failure modes
- Transformation: parsing, enrichment, filtering, masking/redaction (PII)
- Standardisation: OpenTelemetry semantic conventions; OCSF mapping for security events where relevant
- Quality: validation, sampling, acceptance criteria, rollback plans

Ideate Service Definitions & Deploy artefacts

- Design: service definitions and design patterns that can be used as part of both their discovery and design front-of-house phases
- Deploy: artefacts and tooling used by our engineers to deploy

You'll help us standardise "OEM-operate" patterns across multiple platforms by creating:

- onboarding patterns, runbooks + health checks
- upgrade & patch approaches
- support boundaries & SLAs
- "minimum viable operate" checklists per platform

Choose Your Primary Lens

(One required - experience in both is advantageous)

Security / SIEM

- Telemetry-to-use-case mapping
- Threat detection concepts and lifecycle awareness
- Event normalisation and structured security data models

Observability / ITOps

- Distributed systems and service-level thinking
- Metrics, logs, and traces correlation
- KPIs, SLIs, and SLOs
- Incident and problem management approaches

Technical backbone (you'll be credible with engineers)

You should be able to, and have experience of, taking a messy ingest problem and producing a practical design that engineers can implement. This includes designing:

- telemetry pipeline architectures: receivers → processors → exporters (OTel Collector model)
- pipeline tooling and patterns (e.g. Cribl Stream/Edge/Lake style: reduce/enrich/route to any destination, or other data pipeline tools)
- cost/noise optimisation: what drives ingest cost, reducing low-value telemetry, retention/lifecycle strategy
- security lake / long retention approaches (e.g., Amazon Security Lake (OCSF) + S3/Parquet; lakehouse stacks like Databricks/Snowflake/Trino/Athena)
- open detection layer awareness (e.g., OpenSearch Security Analytics; Splunk ES/ESCU where relevant)

Background That Fits Well

You might come from:

- data/telemetry engineering in a product company - and you've been the person who speaks to stakeholders
- consultancy/SI/MSP - and you want more ownership, less hierarchy, more building
- SRE/platform/data engineering that's become increasingly customer-facing

What They're Looking For

- Confident communicator in client-facing environments
- Organised and able to manage multiple workstreams
- Practical, delivery-focused mindset
- Curious, adaptable, and keen to improve how things are done
- Strong judgement and collaborative approach

Why Apply?

- High-impact consulting role with genuine ownership
- Influence over how solutions are designed and delivered
- Exposure to both security and observability disciplines
- Hybrid working model
- Competitive salary and benefits