Role Summary:
We are looking for a skilled professional with 3–5 years of experience in monitoring, analysis, and incident handling using Palo Alto Cortex XDR/XSIAM. The ideal candidate will be responsible for managing alerts, conducting investigations, and optimizing detection capabilities within the Cortex platform.
Key Responsibilities:
- Monitoring & Analysis:
  - Review and analyze alerts generated by Cortex XDR/XSIAM.
  - Perform triage and determine the relevance and severity of events.
  - Identify patterns, anomalies, and potential risks in data.
- Incident Handling:
  - Investigate and respond to events and alerts.
  - Conduct root cause analysis and document findings.
  - Coordinate with internal teams for resolution and follow-up.
- Platform Optimization:
  - Fine-tune detection rules and response playbooks.
  - Ensure efficient data ingestion and alert accuracy.
  - Collaborate with engineering teams to enhance platform performance.
- Proactive Analysis:
  - Conduct exploratory analysis to identify potential issues.
  - Leverage threat intelligence and contextual data to improve detection.
  - Develop custom queries and dashboards for visibility and reporting.
- Documentation & Reporting:
  - Maintain detailed logs and reports of investigations.
  - Provide insights and recommendations to improve processes.
Required Qualifications:
- 3–5 years of relevant experience in monitoring, analysis, or incident response.
- Hands-on experience with Palo Alto Cortex XDR/XSIAM.
- Strong understanding of endpoint, network, and cloud data.
- Familiarity with detection frameworks and analytical tools.
- Good scripting knowledge (e.g., Python, PowerShell) is a plus.
- Strong analytical and communication skills.
Preferred Certifications:
- PCCSA or PCNSE (Palo Alto Networks)
- CompTIA Security+, CEH, or equivalent (optional)