SIEM Engineer

Summary:

We are seeking an experienced Cortex XSIAM Engineer to join our cybersecurity team. This role is pivotal in deploying, managing, and optimizing our Cortex XSIAM environment to enhance our security operations. The ideal candidate will have a strong background in cybersecurity analytics and be adept at using Palo Alto Networks technologies.

Responsibilities:

• Deploy, configure, and manage Cortex XSIAM, focusing on data lake, analytics, and automation.
• Onboard and integrate logs and telemetry from various platforms including Cortex XDR, NGFW, Prisma Cloud, O365, AWS, Azure, GCP, Okta, and CrowdStrike.
• Ensure data quality, ingestion health, and system performance are maintained.
• Develop and fine-tune XQL detections, correlation rules, and behavioral analytics in alignment with MITRE ATT&CK framework.
• Build and enhance Cortex XSOAR playbooks and automated workflows for robust automation and integration.
• Integrate new APIs and security tools into the XSIAM ecosystem.
• Create dashboards and reports to demonstrate detection coverage, rule performance, and platform health.
• Maintain comprehensive documentation including runbooks, diagrams, and engineering documentation.

Required Skills:

• 5–9 years of experience in SOC engineering, SIEM/SOAR, or cybersecurity analytics.
• At least 2 years of hands-on experience with Palo Alto Cortex XSIAM, including deployment, detections, and onboarding.
• Strong knowledge of SIEM pipelines, event correlation, and log normalization.
• Expertise in XQL, Python, JSON, and REST APIs.
• Good understanding of cloud telemetry and modern SOC technologies like XDR, UEBA, EDR, WAF, and CASB.
• Relevant certifications such as PCDRE, PCSAE, PCNSE, GCDA, or other GIAC certifications are preferred.