Security Consultant - XSIAM Lead

Full-time

Posted on: 17 hours ago

Introduction

A career in IBM Consulting is built on long-term client relationships and close collaboration worldwide. You’ll work with leading companies across industries, helping them shape their hybrid cloud and AI journeys. With support from our strategic partners, robust IBM technology, and Red Hat, you’ll have the tools to drive meaningful change and accelerate client impact. At IBM Consulting, curiosity fuels success. You’ll be encouraged to challenge the norm, explore new ideas, and create innovative solutions that deliver real results. Our culture of growth and empathy focuses on your long-term career development while valuing your unique skills and experiences.

Your Role And Responsibilities

We are looking for a seasoned and proactive Senior Engineer to serve as the technical owner for our Palo Alto Cortex suite, with deep expertise in XSIAM (Extended Security Intelligence and Automation Management), XSOAR (Security Orchestration, Automation, and Response), and Cortex XDR (Extended Detection and Response). You will be the cornerstone of our security operations, bridging the gap between endpoint security, data analytics, and automated response. Your work will directly translate into faster detection, streamlined investigation, and automated containment of security incidents.

This is a hands-on, high-impact role perfect for an engineer who thrives on building elegant, automated solutions to complex security challenges.

Key Responsibilities

Platform Strategy & Engineering
  • Act as the Subject Matter Expert (SME) and technical owner for the Cortex XSIAM, XSOAR, and XDR platforms.
  • Implement and manage the entire Cortex ecosystem, ensuring seamless integration and data flow between XDR, XSOAR, and XSIAM.
  • Lead platform upgrades, performance tuning, and capacity planning to maintain a highly available and scalable security infrastructure.
  • Develop and enforce governance models, including user roles, access controls, and operational procedures.

Security Automation & Orchestration (XSOAR)
  • Design and deploy sophisticated automation playbooks in XSOAR to automate incident triage, investigation, and response across the enterprise.
  • Develop custom integrations using Python, REST APIs, and other methods to connect XSOAR with IT, cloud, and security systems (e.g., ITSM, Firewalls, Cloud IAM, Email Security).
  • Continuously refine and optimise automation playbooks to reduce manual tasks for the SOC, minimising Mean Time to Respond (MTTR).
  • Create and maintain comprehensive documentation for all automations and integrations.

Extended Detection & Response (XDR) & Network Traffic Analysis (NTA)
  • Manage and optimize the Cortex XDR deployment for prevention, detection, and response across endpoints.
  • Configure and fine-tune the Palo Alto NTA platform to monitor network traffic, detect anomalous behavior, and identify devices.
  • Correlate endpoint data from XDR with network-level insights from NTA to build a multi-layered understanding of attacks.
  • Perform deep-dive investigations and threat hunts using the combined power of EDR and NTA telemetry.

Unified Data & Analytics (XSIAM)
  • Leverage XSIAM as the central data lake for security analytics, ensuring optimal data ingestion and normalization from XDR, XSOAR, and other sources.
  • Fine-tune high-fidelity detection rules using XQL (XSIAM Query Language) to identify advanced threats that span endpoints, network, and cloud.
  • Exploit the integrated AI/ML capabilities within XSIAM to uncover stealthy attack patterns and perform cross-correlation analysis.

Collaboration & Leadership
  • Mentor SOC analysts and L2 engineers on effective use of the Cortex platform for investigation and response.
  • Translate threat intelligence and analyst workflows into technical requirements and platform enhancements.
  • Lead projects to enhance our security posture through the adoption of new Cortex features and capabilities.

Preferred Education

Master's Degree

Required Technical And Professional Expertise
  • Required: 6+ years of hands-on experience in cybersecurity, with a focus on security engineering, SOC automation, or incident response.
  • 5+ years of proven, deep technical experience with the Palo Alto Cortex platform, specifically:
    • XSOAR: Demonstrable experience in developing and coding complex playbooks. Proficiency with the XSOAR development environment is a must.
    • XDR: Strong hands-on experience in managing the endpoint security platform, including policy configuration, agent troubleshooting, and incident analysis.
    • XSIAM: Practical experience with data ingestion, writing XQL queries, and building custom detection rules.
    • NTA: Demonstrable experience in deploying, configuring, and using a network traffic analysis tool for threat detection (Palo Alto NTA Security preferred).
  • Good programming/scripting skills in Python for developing custom automations and API integrations are an added advantage.
  • Good understanding of REST APIs, JSON, and data structures.
  • Knowledge of modern attack vectors, the MITRE ATT&CK framework, and the incident response lifecycle.
  • Experience with cloud security concepts - Prisma Cloud, AWS, Azure, or GCP.

Preferred Technical And Professional Experience
  • One or more Palo Alto Networks certifications:
    • PCCSE (Cortex Certified Security Engineer)
    • PCXSA (Cortex XSOAR Certified Automation Engineer)
    • PCXSI (Cortex XSIAM Certified Administrator)
    • PCDRA (Cortex XDR Certified Administrator)
  • Experience integrating security tools with IT infrastructure (e.g., Active Directory, SIEM, Firewall, Cloud APIs).
  • Excellent communication and documentation skills, with the ability to explain complex technical concepts to a variety of audiences.