XSOAR Architect; Secret clearance

Valid Secret security clearance required

Design and lead the implementation of Palo Alto Cortex Security Orchestration, Automation, and Response (XSOAR) to enable Security Incident Management (SecIM), automation, and orchestration integrated with the Elastic Security Information and Event Management (SIEM) platform.

• Design XSOAR architecture and deployment model (multi‑tenant, scalable)
• Define incident ingestion workflows from Elastic SIEM into XSOAR
• Design automation strategy and playbook framework
• Playbook isolation
• Role‑Based Access Control (RBAC) model
• Design integrations with:
• SIEM
• Endpoint Detection and Response (EDR) platforms
• Firewalls and network security tools
• Identity and Access Management (IAM) systems
• Ticketing systems (Service Now, Jira)
• Define incident lifecycle and case management model (SecIM)
• Human‑in‑the‑loop controls
• Define high availability (HA), disaster recovery (DR), and backup strategies
• Ensure alignment with Security Assessment and Authorization (SA&A) and compliance requirements
• Collaborate with Elastic, Google Cloud Platform (GCP), and network architecture teams

• Strong experience with Palo Alto Cortex XSOAR architecture
• Deep understanding of Security Operations Centre (SOC) workflows
• Expertise in automation and orchestration design
• Experience integrating security tools and application programming interfaces (APIs)
• Strong knowledge of incident response processes and frameworks
• Understanding of multi‑tenant security platform design

• 7-10+ years in Security Operations, Incident Response, or Security Architecture
• 3-5+ years hands‑on experience with Cortex XSOAR
• Experience integrating SIEM, EDR, identity, and network tools
• Experience in multi‑tenant or Managed Security Service Provider (MSSP) environments
• Strong understanding of automation governance and risk management
• Experience in regulated environments
• Experience designing high‑availability and disaster recovery architectures