
Security Engineer – Cortex XDR Operations

Krish Services Group

2 - 5 years

Delhi, New Delhi

Posted: 12/04/2026


Job Description

Company Description:


Krish is committed to helping our customers achieve their technology goals, and will always treat the success of our customers and the building of long-term, productive relationships as our top priority. Krish's goal of adding the best value to its customers through a combination of the right technology, the right people, and the right costs is achieved through the experience and integrity of our consultants and our custom delivery processes.


About the Role


The L3 Security Engineer will act as the highest escalation point for incidents related to Cortex XDR. The role involves advanced threat hunting, complex incident investigation, policy tuning, integration management, and strategic security improvements.

Strong hands-on experience with Cortex XDR.

Deep understanding of malware analysis, endpoint forensics, Windows/Linux internals, and network security fundamentals.

Experience in scripting (PowerShell / Python) preferred.

Knowledge of MITRE ATT&CK framework.

Experience handling P1/P2 incidents.

Advanced Incident Handling


Act as L3 escalation point for critical and complex security incidents.

Perform deep-dive forensic investigations using Cortex XDR.

Analyze endpoint telemetry, network data, and behavioral analytics.

Lead containment, eradication, and recovery actions.


Threat Hunting & Detection Engineering

Conduct proactive threat hunting using XDR query language.

Develop and optimize custom detection rules.

Identify gaps in detection coverage and improve visibility.

Map detections to MITRE ATT&CK framework.


Policy & Platform Management

Fine-tune prevention policies (malware, exploit, behavioral threat protection).

Manage exceptions, exclusions, and false-positive reduction.

Upgrade agents and ensure endpoint health monitoring.

Perform platform health checks and capacity planning.


Integration & Automation

Integrate Cortex XDR with SIEM/SOAR tools.

Automate response actions and playbooks.

Support log forwarding and API integrations.


Root Cause Analysis & Reporting

Perform RCA for major incidents.

Provide executive-level incident summaries.

Recommend security posture improvements.


Collaboration

Work with L1/L2 SOC teams for knowledge transfer.

Coordinate with IT, Network, and Infra teams during containment.

Support audits and compliance requirements.

Preferred Certifications:

Palo Alto Networks Certified Cybersecurity Professional (PCCP)

Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA)
