Job Description

Title: Cortex XSIAM Engineer

Duration: Full Time

Location: Dallas TX or Remote

Experience / Qualifications – Cortex XSIAM

• Exceptional written and verbal communication and presentation skills, with the ability to articulate complex technical concepts to both technical and non-technical stakeholders.
• 6+ years of hands-on experience deploying and managing SIEM and SOAR solutions in large-scale enterprise environments, including direct experience with Palo Alto Networks Cortex XSIAM.
• Proven expertise in onboarding log sources and integrating them into Cortex XSIAM using Broker VMs, XDR Collectors, and custom ingestion methods.
• Proficient in developing and managing XSIAM Data Models, including field mapping, enrichment, normalization, and schema standardization across multiple data sources.
• Strong experience crafting and optimizing detection logic using XQL (XSIAM Query Language) to build high-fidelity correlation rules, dashboards, and proactive threat hunting queries.
• Solid understanding of Palo Alto XDR endpoint integration, sensor health monitoring, and policy tuning for enhanced endpoint visibility.
• Experienced in event collection strategy, log onboarding, log tuning, and normalization to ensure high-quality and actionable data within the XSIAM platform.
• Demonstrated ability to translate security monitoring requirements into use cases and actionable detection content, aligned with MITRE ATT&CK and industry best practices.
• Familiarity with broader SIEM technologies (e.g., Splunk, IBM QRadar) and how they compare/contrast with Cortex XSIAM architecture and capabilities.
• Strong grasp of security operations workflows, alert triage, threat detection, incident response, and automation within XSIAM.
• Hands-on experience creating and managing security dashboards and visualizations to provide meaningful insights for SOC teams and leadership.
• Expertise in Regular Expressions (Regex), JSON parsing, and log analysis to derive context-rich detection strategies.
• Working knowledge of generating performance and health reports across log source status, ingestion rates, data pipeline performance, and detection coverage.

Relevant certifications (e.g., Palo Alto Networks Certified XSIAM Engineer or XSIAM Analyst or XSIAM EDU-270). Bachelor’s degree in computer science, Information Security, or related field is a plus.

͏

Do

• Ensuring customer centricity by providing apt cybersecurity 

• Monitoring and safeguarding the log sources and security access
• Planning for disaster recovery in the event of any security breaches
• Monitor for attacks, intrusions and unusual, unauthorized or illegal activity
• Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems
• Conduct security assessments, risk analysis and root cause analysis of security incidents
• Handling incidents escalated by the L1 team in 24x7 rotational shifts
• Use advanced analytics tools to determine emerging threat patterns and vulnerabilities
• Completing all tactical security operations tasks associated with this engagement.
• Analyses all the attacks and come up with remedial attack analysis
• Conduct detailed analysis of incidents and create reports and dashboards

• Stakeholder coordination & audit assistance

• Liaise with stakeholders in relation to cyber security issues and provide future recommendations
• Maintain an information security risk register and assist with internal and external audits relating to information security
• Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues
• Advice and guidance to employees on issues such as spam and unwanted or malicious emails

͏

Deliver

͏

͏