Cyber Detection & Automation Engineer (XSOAR / XSIAM Content Engineering)

3 days ago

To Apply for this Job Click Here

Job Summary
This role supports our banking client’s AI-Ready Cyber Resilience program by providing BAU augmentation for cyber detection and automation engineering within the Cyber Detection and Automation team. The engineer will sustain and enhance current Cortex XSOAR / XSIAM operations, ensuring playbooks, automations, scripts, correlation rules, parsing logic, and XDM data models remain effective, scalable, and aligned to evolving enterprise security needs.

This is a hands-on technical engineering role focused on keeping detection content healthy, improving automation quality, addressing platform enhancements/defects, and enabling new data source normalization and content coverage.

Top 3 Priorities in First 90 Days

Stabilize and sustain current XSOAR / XSIAM content operations
- Triage and resolve tuning requests, bug fixes, and enhancement requests.
- Maintain playbooks, automation rules, scripts, reports, dashboards, and correlation logic.
Manage intake workflow from ServiceNow through JIRA backlog
- Work incoming requests through a structured Kanban process.
- Prioritize sustainment work and ensure operational responsiveness.
Improve data source onboarding and normalization
- Update parsing rules using regex.
- Create and maintain XDM data models for sources that currently lack standardized mappings.

Required Skills (Must-Haves)

4–8+ years total experience – mid-level to senior engineer
Must be capable of working independently in a technically complex BAU environment
Direct hands-on experience with Cortex XSOAR and Cortex XSIAM
Experience building, tuning, and sustaining:
- correlation rules
- playbooks
- automations
- automation rules
- dashboards
- reports
- scripts (Python)
Experience handling operational sustainment / BAU support in a SOC, detection engineering, or security platform engineering environment
Experience with parsing using regex
Experience building, updating, or supporting XDM data models
Ability to manage an engineering intake process from ServiceNow into a JIRA backlog / Kanban board
Strong troubleshooting and prioritization skills in a high-volume request environment
Experience in any banking / fintech / payments regulated enterprise security environment

Nice-to-Have Skills

Familiarity with SIEM/SOAR content lifecycle management
Experience with data source onboarding, log normalization, and telemetry integration
Exposure to SOC use cases, detection tuning, and alert quality improvement
Experience supporting enterprise dashboards and reporting in XSIAM/XSOAR
Understanding of security operations processes and incident response workflows
Familiarity with API integrations or Python-based platform extensions

Ideal Background

Large enterprise SOC Engineering / Detection Engineering teams
Financial services cybersecurity organizations
Security consulting firms supporting Palo Alto Cortex implementations
Cyber automation teams supporting XSOAR / XSIAM / SIEM / SOAR platforms
Managed detection / security engineering teams with strong sustainment responsibility