Cortex XSIAM Security Engineer

Benefits:

401(k)

Competitive salary

Dental insurance

Health insurance

Paid time off

Vision insurance

Position Summary Celestial Innovations Group (CIG) is seeking a skilled Cortex XSIAM Security Engineer to deploy, configure, and operationalize Palo Alto Networks Cortex XSIAM for federal and enterprise clients. This role is at the center of CIG's AI-driven Security Operations practice, enabling clients to modernize their SOC by consolidating SIEM, XDR, SOAR, UEBA, ASM, and TIP capabilities into a single, converged platform.

The Cortex XSIAM Engineer will serve as a subject-matter expert (SME) throughout the full platform lifecycle: from requirements gathering and architecture design through deployment, integration, and continuous optimization — driving measurable improvements in threat detection and incident response times for our government and commercial clients.

Key Responsibilities

Platform Deployment & Integration

Lead end-to-end deployment of Cortex XSIAM for federal and enterprise clients, including data source onboarding, log ingestion, and normalization.

Integrate XSIAM with existing security ecosystem tools including firewalls, endpoints, cloud platforms, identity providers, and ticketing systems.

Configure data pipelines to ingest and normalize telemetry from diverse sources (endpoints, network, cloud, identity) into XSIAM's unified data model.

Migrate clients from legacy SIEM platforms to Cortex XSIAM, ensuring continuity of detection coverage and compliance reporting.

Detection Engineering & Analytics

Build and tune correlation rules, behavioral analytics, and ML-based detection models within XSIAM to reduce false positive rates and improve detection fidelity.

Develop and maintain XSIAM analytics leveraging XQL (Extended Query Language) to extract actionable insights from security telemetry.

Map detection content to MITRE ATT&CK framework, ensuring coverage across all relevant tactics, techniques, and procedures (TTPs).

Configure AI SmartScoring and technique-based incident grouping to reduce alert fatigue and prioritize analyst workload effectively.

Automation & Playbook Development

Design, build, and maintain SOAR automation playbooks within XSIAM to automate triage, enrichment, and remediation workflows.

Leverage Cortex Marketplace content packs and develop custom integrations as needed to support client-specific security processes.

Implement dev/prod playbook lifecycle management to ensure safe testing and controlled promotion of automation content.

Continuously improve automation coverage, targeting measurable reductions in manual analyst workload.

Incident Response & Threat Management

Serve as escalation point for complex incident investigations, using XSIAM causality chains and full attack-story visualizations to support rapid remediation.

Coordinate with client SOC teams during active incidents, leveraging XSIAM's embedded automation and enrichment capabilities.

Support Attack Surface Management (ASM) functions to proactively identify and remediate client exposure.

Utilize integrated Threat Intelligence Platform (TIP) capabilities, including Unit 42 threat feeds, to enrich alerts and inform response priorities.

Client Engagement & Advisory

Serve as a trusted technical advisor to federal and commercial clients on XSIAM capabilities, roadmap, and SOC modernization strategy.

Produce SOC performance dashboards, compliance reports, and executive summaries within XSIAM to support client governance requirements.

Conduct training and knowledge transfer sessions to build client SOC team proficiency on the XSIAM platform.

Support CIG business development efforts by contributing to proposals, demos, and technical capability briefings for prospective clients.

Required Qualifications

3+ years of hands-on experience with Palo Alto Networks Cortex XDR or Cortex XSIAM in an enterprise or federal environment.

Demonstrated experience deploying or administering SIEM platforms (Splunk, Microsoft Sentinel, IBM QRadar, or equivalent).

Proficiency with XQL or comparable query languages for log analysis and threat hunting.

Working knowledge of SOAR concepts and experience building security automation playbooks.

Understanding of EDR, NDR, and UEBA technologies and how they feed into a converged SOC platform.

Familiarity with MITRE ATT&CK framework and its application to detection engineering.

Active Secret clearance (minimum); TS/SCI preferred for federal engagements.

Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related field, OR equivalent professional experience.

Preferred Qualifications

Palo Alto Networks Certified Security Automation Engineer (PCSAE) or Cortex XSIAM-specific certification.

Experience with federal compliance frameworks including NIST SP 800-53, RMF, DISA STIGs, and CDM program requirements.

Familiarity with Zero Trust Architecture principles (NIST SP 800-207, CISA ZT Maturity Model) and how XSIAM supports ZTA adoption.

Experience integrating Cortex XSIAM with Palo Alto Networks NGFW, Prisma Cloud, or Zscaler platforms.

Knowledge of cloud security telemetry sources (AWS, Azure, GCP) and their ingestion into XSIAM.

Exposure to Python or JavaScript for custom XSIAM integration development or automation scripting.

Prior experience supporting federal SOC operations or DHS CDM program environments.

CISSP, CEH, CompTIA Security+, or equivalent security certification.

Technical Skills & Tools

SOC Platforms

Cortex XSIAM / XDR

Cortex XSOAR

SIEM platforms

XQL query language

EDR / NDR / UEBA

Security Frameworks

MITRE ATT&CK

NIST SP 800-53 / RMF

NIST SP 800-207 (Zero Trust Architecture)

CISA Zero Trust Maturity Model

DISA STIGs

Integrations & Tools

Palo Alto NGFW / Prisma

Zscaler ZIA / ZPA

Microsoft Sentinel / Azure

ServiceNow / Ticketing systems

AWS / Azure / GCP

Flexible work from home options available.