As a Cybersecurity Engineer specializing in SIEM/SOAR technologies, you will serve as a technical authority in managing and enhancing enterprise security operations. Your primary focus will be on deploying and refining Palo Alto Networks XSIAM to strengthen threat detection, streamline analyst workflows, and improve overall security posture through automation and intelligent data correlation.
Key Responsibilities
- Serve as the go-to expert for enterprise log data architecture, driving consistency and performance across security monitoring systems
- Configure and maintain XSIAM platforms to enhance visibility and operational efficiency within the Security Operations Center (SOC)
- Design, implement, and refine automated security playbooks to accelerate incident response
- Integrate and tune XDR capabilities to enable proactive identification of emerging threats
- Establish and optimize log ingestion pipelines, ensuring reliable data quality and system scalability
- Develop custom dashboards and reporting tools that deliver actionable insights in real time
- Diagnose and resolve complex technical issues affecting XSIAM, XSOAR, or connected security tools
- Ensure seamless interoperability between security platforms and third-party technologies
- Guide internal teams with practical recommendations and direct technical support
- Document configurations, procedures, and detection logic to ensure operational continuity
- Lead the development of enterprise-wide log ingestion strategies to feed accurate, timely data into analytics systems
- Create advanced correlation rules and detection logic to counter sophisticated attack patterns
- Continuously tune log sources and rules to improve system accuracy and reduce noise
- Identify and implement automation opportunities to improve alert triage and response workflows
Required Qualifications
- Minimum of three years of hands-on experience with Palo Alto Networks XSOAR, XSIAM, and Cortex XDR
- Deep understanding of SIEM, XDR, and security operations principles
- Proven experience with log pipeline technologies such as Cribl, Vector, Logstash, or Tenzir
- Proficiency in scripting languages including Python or PowerShell for automation tasks
- Strong background in log analysis, event correlation, and alert optimization
- Ability to communicate effectively with technical teams and leadership stakeholders
Preferred Qualifications
- Real-world deployment and management of XSIAM in production environments
- Hold relevant certifications such as PCNSE or Palo Alto XSIAM/XSOAR credentials
- Experience working with AWS, Azure, or Google Cloud Platform
- Track record of translating business needs into technical security requirements
- Experience creating and maintaining technical documentation, including architecture and flow diagrams
- Familiarity with tools from Splunk, Elastic, CrowdStrike, Sentinel One, or similar platforms
- Exposure to threat hunting practices and associated tooling
- Degree in a relevant field or recognized industry certifications such as CISSP or GIAC
Work Environment
This role operates in a hybrid model, offering flexibility in work location and schedule based on team and operational needs. You’ll join a culture that values autonomy, collaboration, and continuous learning, with strong support for work-life balance and inclusive growth.
Commitment to Inclusion
We are an equal opportunity employer and welcome candidates of all backgrounds. We do not discriminate on the basis of race, religion, gender, sexual orientation, national origin, age, disability, or veteran status. Reasonable accommodations are available upon request during the hiring process.
