Need: Job Title || Cortex XSIAM Engineer || Dallas TX


Snigdh Mishra

Mar 10, 2026, 11:11:30 AM
to Direct Client C2C requirements

Title: Cortex XSIAM Engineer

Location: Dallas TX - Hybrid

Duration: Contract

Experience / Qualifications – Cortex XSIAM

· Exceptional written and verbal communication and presentation skills, with the ability to articulate complex technical concepts to both technical and non-technical stakeholders.

· 6+ years of hands-on experience deploying and managing SIEM and SOAR solutions in large-scale enterprise environments, including direct experience with Palo Alto Networks Cortex XSIAM.

· Proven expertise in onboarding log sources and integrating them into Cortex XSIAM using Broker VMs, XDR Collectors, and custom ingestion methods.

· Proficient in developing and managing XSIAM Data Models, including field mapping, enrichment, normalization, and schema standardization across multiple data sources.

· Strong experience crafting and optimizing detection logic using XQL (XSIAM Query Language) to build high-fidelity correlation rules, dashboards, and proactive threat hunting queries.

· Solid understanding of Palo Alto XDR endpoint integration, sensor health monitoring, and policy tuning for enhanced endpoint visibility.

· Experienced in event collection strategy, log onboarding, log tuning, and normalization to ensure high-quality and actionable data within the XSIAM platform.

· Demonstrated ability to translate security monitoring requirements into use cases and actionable detection content, aligned with MITRE ATT&CK and industry best practices.

· Familiarity with broader SIEM technologies (e.g., Splunk, IBM QRadar) and how they compare/contrast with Cortex XSIAM architecture and capabilities.

· Strong grasp of security operations workflows, alert triage, threat detection, incident response, and automation within XSIAM.

· Hands-on experience creating and managing security dashboards and visualizations to provide meaningful insights for SOC teams and leadership.

· Expertise in Regular Expressions (Regex), JSON parsing, and log analysis to derive context-rich detection strategies.

· Working knowledge of generating performance and health reports across log source status, ingestion rates, data pipeline performance, and detection coverage.

· Relevant certifications (e.g., Palo Alto Networks Certified XSIAM Engineer, XSIAM Analyst, or XSIAM EDU-270). Bachelor’s degree in Computer Science, Information Security, or a related field is a plus.


Activities / Responsibilities – Cortex XSIAM

· Collaborate with technical leads and stakeholders to define and execute a robust log ingestion strategy for Cortex XSIAM using Broker VMs and Collectors.

· Serve as both a Security Analyst and SIEM Engineer, owning end-to-end workflows from data onboarding to detection content development and incident response support.

· Design and implement XQL-based correlation rules to detect and alert on suspicious behavior across endpoint, network, and cloud environments.

· Create, tune, and manage data models to normalize and enrich telemetry data in alignment with Cortex XSIAM’s schema requirements.

· Build operational dashboards using XQL that provide actionable insights into threat posture, detection efficacy, and log source coverage.

· Act as SME for XSIAM log ingestion processes, correlation logic, alert tuning, and detection strategy development.

· Engage directly with end customers to assess their environment, identify visibility gaps, and provide strategic recommendations for log onboarding and threat coverage.

· Monitor, optimize, and troubleshoot log source ingestion pipelines and Collector/Broker VM performance.

· Fine-tune alerts and detections to minimize false positives and improve SOC analyst efficiency.

· Collaborate with threat intelligence and detection engineering teams to implement behavioral detections mapped to ATT&CK techniques.

· Support analyst teams in interpreting alerts, performing incident investigations, and leveraging XSIAM's investigation and automation features.

· Drive automation opportunities using XSIAM playbooks to reduce manual workload and enhance response times.

· Conduct workshops, training sessions, and periodic health checks with customers to promote adoption and maturity in their XSIAM usage.

· Participate in post-incident reviews and detection gap analysis to strengthen overall threat detection strategy.
