Cyber Detection & Automation Engineer; XSOAR/XSIAM Content Engineering
Job in Cleveland, Cuyahoga County, Ohio, 44101, USA
Listed on 2026-06-18
Listing for: HEITMEYER CONSULTING INC
Full Time position
Job specializations:
- IT/Tech, Cybersecurity
- Engineering, Cybersecurity
Job Description & How to Apply Below
Job Summary
This role supports our banking client’s AI-Ready Cyber Resilience program by providing BAU augmentation for cyber detection and automation engineering within the Cyber Detection and Automation team. The engineer will sustain and enhance current Cortex XSOAR / XSIAM operations, ensuring playbooks, automations, scripts, correlation rules, parsing logic, and XDM data models remain effective, scalable, and aligned to evolving enterprise security needs.
This is a hands-on technical engineering role focused on keeping detection content healthy, improving automation quality, addressing platform enhancements/defects, and enabling new data source normalization and content coverage.
Top 3 Priorities in First 90 Days
- Triage and resolve tuning requests, bug fixes, and enhancement requests.
- Maintain playbooks, automation rules, scripts, reports, dashboards, and correlation logic.
- Work incoming requests through a structured Kanban process.
- Prioritize sustainment work and ensure operational responsiveness.
- Update parsing rules using regex.
- Create and maintain XDM data models for sources that currently lack standardized mappings.
- 4–8+ years of total experience (mid-level to senior engineer)
- Must be capable of working independently in a technically complex BAU environment
- Direct hands-on experience with Cortex XSOAR and Cortex XSIAM
- Experience building, tuning, and sustaining:
  - correlation rules
  - playbooks
  - automations
  - automation rules
  - dashboards
  - reports
  - scripts (Python)
- Experience handling operational sustainment / BAU support in a SOC, detection engineering, or security platform engineering environment
- Experience with parsing using regex
- Experience building, updating, or supporting XDM data models
- Ability to manage an engineering intake process from ServiceNow into a Jira backlog / Kanban board
- Strong troubleshooting and prioritization skills in a high-volume request environment
- Experience in a banking, fintech, payments, or other regulated enterprise security environment
- Familiarity with SIEM/SOAR content lifecycle management
- Experience with data source onboarding, log normalization, and telemetry integration
- Exposure to SOC use cases, detection tuning, and alert quality improvement
- Experience supporting enterprise dashboards and reporting in XSIAM/XSOAR
- Understanding of security operations processes and incident response workflows
- Familiarity with API integrations or Python-based platform extensions
- Large enterprise SOC Engineering / Detection Engineering teams
- Financial services cybersecurity organizations
- Security consulting firms supporting Palo Alto Cortex implementations
- Cyber automation teams supporting XSOAR / XSIAM / SIEM / SOAR platforms
- Managed detection / security engineering teams with strong sustainment responsibility