Cyber Detection & Automation Engineer (XSOAR / XSIAM Content Engineering)

Contract      Information Security      Cleveland, Ohio

Job Summary
This role supports our banking client’s AI-Ready Cyber Resilience program by providing BAU augmentation for cyber detection and automation engineering within the Cyber Detection and Automation team. The engineer will sustain and enhance current Cortex XSOAR / XSIAM operations, ensuring playbooks, automations, scripts, correlation rules, parsing logic, and XDM data models remain effective, scalable, and aligned to evolving enterprise security needs.

This is a hands-on technical engineering role focused on keeping detection content healthy, improving automation quality, addressing platform enhancements/defects, and enabling new data source normalization and content coverage.

Top 3 Priorities in First 90 Days

  1. Stabilize and sustain current XSOAR / XSIAM content operations
    • Triage and resolve tuning requests, bug fixes, and enhancement requests.
    • Maintain playbooks, automation rules, scripts, reports, dashboards, and correlation logic.
  2. Manage intake workflow from ServiceNow through JIRA backlog
    • Work incoming requests through a structured Kanban process.
    • Prioritize sustainment work and ensure operational responsiveness.
  3. Improve data source onboarding and normalization
    • Update parsing rules using regex.
    • Create and maintain XDM data models for sources that currently lack standardized mappings.

Required Skills (Must-Haves)

  • 4–8+ years total experience – mid-level to senior engineer
  • Must be capable of working independently in a technically complex BAU environment
  • Direct hands-on experience with Cortex XSOAR and Cortex XSIAM
  • Experience building, tuning, and sustaining:
    • correlation rules
    • playbooks
    • automations
    • automation rules
    • dashboards
    • reports
    • scripts (Python)
  • Experience handling operational sustainment / BAU support in a SOC, detection engineering, or security platform engineering environment
  • Experience with parsing using regex
  • Experience building, updating, or supporting XDM data models
  • Ability to manage an engineering intake process from ServiceNow into a JIRA backlog / Kanban board
  • Strong troubleshooting and prioritization skills in a high-volume request environment
  • Experience in any banking / fintech / payments regulated enterprise security environment

Nice-to-Have Skills

  • Familiarity with SIEM/SOAR content lifecycle management
  • Experience with data source onboarding, log normalization, and telemetry integration
  • Exposure to SOC use cases, detection tuning, and alert quality improvement
  • Experience supporting enterprise dashboards and reporting in XSIAM/XSOAR
  • Understanding of security operations processes and incident response workflows
  • Familiarity with API integrations or Python-based platform extensions

Ideal Background

  • Large enterprise SOC Engineering / Detection Engineering teams
  • Financial services cybersecurity organizations
  • Security consulting firms supporting Palo Alto Cortex implementations
  • Cyber automation teams supporting XSOAR / XSIAM / SIEM / SOAR platforms
  • Managed detection / security engineering teams with strong sustainment responsibility
