Senior Cyber Security Engineer

We are seeking a Senior Cyber Security Engineer to play a pivotal role in advancing our detection, response, and automation capabilities across a modern enterprise security stack. In this role, you will serve as a hands‑on technical leader responsible for designing, engineering, and optimizing Cortex XSIAM to deliver high‑fidelity detections, scalable automation, and rapid incident response. You will work with rich telemetry spanning endpoint, network, cloud, and identity data to turn adversary behavior into actionable analytics that measurably reduce risk.

This position is ideal for an experienced detection or security operations engineer who thrives at the intersection of platform engineering and threat expertise. You will collaborate closely with SOC analysts, incident responders, and fellow engineers, influence detection strategy, and mentor others while working on creative solutions that matter at enterprise scale. You’ll have the opportunity to shape how security operations evolves, driving improvements in signal quality, automation maturity, and mean time to respond, while continuously expanding your technical depth in XSIAM, XQL, and advanced security analytics.

• Platform Engineering:
  Design, deploy, and maintain Cortex XSIAM detections, correlations, and analytics across endpoint, network, cloud, and identity data sources. Build and tune detection logic to reduce noise while improving true positive rates. Perform ongoing platform optimization, including ingest management, rule tuning, and performance improvements.
• Detection Engineering & Threat Hunting:
  Develop and maintain custom detections using XQL (Cortex Query Language). Conduct proactive threat hunting and investigations using XSIAM analytics and telemetry. Translate threat intelligence and adversary techniques into actionable detections aligned to MITRE ATT&CK.
• Automation & Response:
  Design and maintain automated response playbooks to accelerate incident containment and remediation. Integrate XSIAM with enterprise tooling (e.g., identity, EDR, ticketing, cloud, network security platforms). Support continuous improvement of MTTR through automation and orchestration.
• Operations &
  
  Collaboration:
  
  Partner with SOC analysts, incident responders, and engineering teams on investigations and response activities. Support post-go-live enhancements, backlog grooming, and technical debt reduction initiatives. Provide technical guidance and mentorship to engineers and analysts.

• Minimum 5+ years of experience in Security Operations, Detection Engineering, or SIEM/SOAR engineering
• Hands‑on experience with Palo Alto Networks Cortex XSIAM (or strong XDR/XSOAR experience with rapid XSIAM ramp‑up)
• Strong working knowledge of SIEM/XDR concepts and log analytics, incident response and threat detection workflows, and automation and orchestration use cases
• Proficiency with XQL, KQL, SPL, or similar security query languages
• Experience integrating data from endpoint, network, cloud, and identity platforms
• Strong scripting experience (Python preferred)
• Experience operating security platforms at enterprise scale
• Preferred experience with endpoint security (Cortex XDR, Defender, Crowd Strike, etc.), cloud security telemetry (AWS, Azure, GCP), identity and access logs (AD, Azure AD, IAM)
• Familiarity with MITRE ATT&CK and threat intelligence frameworks
• Experience supporting a 24/7 SOC or global security operations team
• Bachelor’s degree in computer science, information assurance, MIS or equivalent industry experience.
• Palo Alto Networks Certified XSIAM Engineer or Analyst certification preferred.
• Additional industry certifications are a plus (i.e., CEH, CISM, etc.)