Experience / Qualifications Cortex XSIAM
Exceptional written and verbal communication and presentation skills, with the ability to articulate complex technical concepts to both technical and non-technical stakeholders.
6 years of hands-on experience deploying and managing SIEM and SOAR solutions in large-scale enterprise environments, including direct experience with Palo Alto Networks Cortex XSIAM.
Proven expertise in onboarding log sources and integrating them into Cortex XSIAM using Broker VMs, XDR Collectors, and custom ingestion methods.
Proficient in developing and managing XSIAM Data Models, including field mapping, enrichment, normalization, and schema standardization across multiple data sources.
Strong experience crafting and optimizing detection logic using XQL (XSIAM Query Language) to build high-fidelity correlation rules, dashboards, and proactive threat hunting queries.
Solid understanding of Palo Alto XDR endpoint integration, sensor health monitoring, and policy tuning for enhanced endpoint visibility.
Experienced in event collection strategy, log onboarding, log tuning, and normalization to ensure high-quality and actionable data within the XSIAM platform.
Demonstrated ability to translate security monitoring requirements into use cases and actionable detection content aligned with MITRE ATT&CK and industry best practices.
Familiarity with broader SIEM technologies (e.g. Splunk, IBM QRadar) and how they compare and contrast with Cortex XSIAM architecture and capabilities.
Strong grasp of security operations workflows: alert triage, threat detection, incident response, and automation within XSIAM.
Hands-on experience creating and managing security dashboards and visualizations to provide meaningful insights for SOC teams and leadership.
Expertise in Regular Expressions (Regex), JSON parsing, and log analysis to derive context-rich detection strategies.
Working knowledge of generating performance and health reports covering log source status, ingestion rates, data pipeline performance, and detection coverage.
Relevant certifications (e.g. Palo Alto Networks Certified XSIAM Engineer, XSIAM Analyst, or XSIAM EDU-270). A Bachelor's degree in Computer Science, Information Security, or a related field is a plus.
Activities / Responsibilities Cortex XSIAM
Collaborate with technical leads and stakeholders to define and execute a robust log ingestion strategy for Cortex XSIAM using Broker VMs and Collectors.
Serve as both a Security Analyst and SIEM Engineer, owning end-to-end workflows from data onboarding to detection content development and incident response support.
Design and implement XQL-based correlation rules to detect and alert on suspicious behavior across endpoint, network, and cloud environments.
Create, tune, and manage data models to normalize and enrich telemetry data in alignment with Cortex XSIAM's schema requirements.
Build operational dashboards using XQL that provide actionable insights into threat posture, detection efficacy, and log source coverage.
Act as SME for XSIAM log ingestion processes, correlation logic, alert tuning, and detection strategy development.
Engage directly with end customers to assess their environment, identify visibility gaps, and provide strategic recommendations for log onboarding and threat coverage.
Monitor, optimize, and troubleshoot log source ingestion pipelines and Collector/Broker VM performance.
Fine-tune alerts and detections to minimize false positives and improve SOC analyst efficiency.
Collaborate with threat intelligence and detection engineering teams to implement behavioral detections mapped to ATT&CK techniques.
Support analyst teams in interpreting alerts, performing incident investigations, and leveraging XSIAM's investigation and automation features.
Drive automation opportunities using XSIAM playbooks to reduce manual workload and enhance response times.
Conduct workshops, training sessions, and periodic health checks with customers to promote adoption and maturity in their XSIAM usage.
Participate in post-incident reviews and detection gap analysis to strengthen overall threat detection strategy.