Palo Alto Cortex XDR Engineer

This role is for a "Palo Alto Cortex XDR Engineer" in Alameda, CA, lasting 6 months. Pay rate is unspecified. Requires 10+ years of experience, cybersecurity certification, expertise in Cortex XDR, SOC environments, threat detection, and scripting skills. Biotech/Pharma experience is a plus.
🌎 - Country
United States
💱 - Currency
$ USD
💰 - Day rate
Unknown
🗓️ - Date discovered
January 16, 2025
🕒 - Project duration
More than 6 months
🏝️ - Location type
On-site
📄 - Contract type
Unknown
🔒 - Security clearance
Unknown
📍 - Location detailed
Alameda, CA
🧠 - Skills detailed
#Firewalls #Cybersecurity #ML (Machine Learning) #Scripting #Security #Cloud #Python #Automation #Splunk #WAF (Web Application Firewall)
Role description

Position: Palo Alto Cortex XDR Engineer

Location: Alameda, CA

Duration: 6 Months (with possible extension)

Job description:

EDUCATION/EXPERIENCE/KNOWLEDGE & SKILLS:

Education:
• Bachelor's degree in a related discipline and 10+ years of related experience; or
• Equivalent combination of education and experience
• CISSP, CISM, CEH, OSCP, GIAC or similar cybersecurity certification required.

Experience:
• Extensive experience in Palo Alto Cortex XDR and a deep understanding and practical application of XQL queries is required.
• Extensive experience in a SOC environment, with a strong background in threat detection, incident response, and threat hunting.
• Experience with threat intelligence platforms and integrating threat intelligence feeds into security tools to enrich threat detection.
• Experience in proactive threat hunting to identify and neutralize emerging threats.
• Experience or working knowledge of cloud, network, and application security.
• Experience in Biotech/Pharma is a plus.

Knowledge/Skills/Abilities:
• Proficiency with SOC tools and technologies such as SIEM (Splunk), EDR (Cortex), and IDS/IPS (e.g., Snort, Suricata).
• Strong scripting skills (e.g., Python, PowerShell) to automate tasks, enhance detection capabilities, and develop automation through a SOAR platform.
• Ability to configure and fine-tune security tools to maximize their effectiveness by integrating various log sources and data feeds to enhance visibility and detection.
• Ability to work with various data sources to create high-fidelity alerting.
• Knowledge of machine learning and behavioral analytics to identify anomalies and potential threats.
• Ability to develop and refine correlation rules within SIEM to detect complex attack patterns, leveraging the MITRE ATT&CK framework.
• Strong analytical skills to correlate events and make informed decisions based on data.
• Ability to analyze user behaviors and network traffic to detect suspicious activities.
• Ability to establish and maintain strong relationships with security vendors.
• Extensive knowledge of DNS, network protocols, firewalls, VPNs, web application firewalls, email security, IPS/IDS, SIEM, DLP, cryptography, application listing, and endpoint protection.
• Excellent communication skills.
• Resourceful and proactive to find innovative solutions to challenges.
• A mindset focused on continuous learning and improvement.
• Outstanding judgment and problem-solving skills, including negotiation and conflict resolution.
• Ability to work in a team environment, create timelines, and continually make necessary adjustments.