Palo Alto Cortex XDR Engineer

Position: Palo Alto Cortex XDR Engineer

Location: Alameda, CA

Duration: 6 Months (with possible extension)

Job description:

EDUCATION/EXPERIENCE/KNOWLEDGE & SKILLS:

Education:

• Bachelor s degree in related discipline and 10+ years of related experience; or
• Equivalent combination of education and experience
• CISSP, CISM, CEH, OSCP, GIAC or similar cybersecurity certification required.

Experience:

• Extensive experience in Palo Alto Cortex XDR and a deep understanding and practical application of XQL
• queries is required.
• Extensive experience in a SOC environment, with a strong background in threat detection, incident
• response, and threat hunting.
• Experience with threat intelligence platforms and integrating threat intelligence feeds to security tools to
• enrich threat detection.
• Experience in proactive threat hunting to identify and neutralize emerging threats.
• Experience or working knowledge of cloud, network, and application security.
• Experience in Biotech/Pharma is a plus.

Knowledge/Skills/Abilities:

• Proficiency with SOC tools and technologies such as SIEM (Splunk), EDR (Cortex), and IDS/IPS (e.g., Snort, Suricata).
• Strong scripting skills (e.g., Python, PowerShell) to automate tasks, enhance detection capabilities, and develop automation through a SOAR platform.
• Ability to configure and fine-tune security tools to maximize their effectiveness by integrating various log sources and data feeds to enhance visibility and detection.
• Ability to work with various data sources to create high-fidelity alerting.
• Knowledge of machine learning and behavioral analytics to identify anomalies and potential threats.
• Ability to develop and refine correlation rules within SIEM to detect complex attack patterns, leveraging the MITRE ATT&CK framework.
• Strong analytical skills to correlate events and make informed decisions based on data.
• Ability to analyze user behaviors and network traffic to detect suspicious activities.
• Ability to establish and maintain strong relationships with security vendors.
• Extensive knowledge of DNS, network protocols, firewalls, VPNs, web application firewalls, email security, IPS/IDS, SIEM, DLP, cryptography, application listing, and endpoint protection.
• Excellent communication skills.
• Resourceful and proactive to find innovative solutions to challenges.
• A mindset focused on continuous learning and improvement.
• Outstanding judgment and problem-solving skills, including negotiation and conflict resolution.
• Ability to work in a team environment, create timelines, and continually make necessary adjustments.