
Senior Cyber Security Engineer
CSC · 6 days ago
Wilmington, US · Full-time · $160,000 – $210,000
About this role
We are seeking a Senior Cyber Security Engineer to play a pivotal role in advancing detection, response, and automation capabilities across a modern enterprise security stack. You will serve as a hands-on technical leader designing, engineering, and optimizing Cortex XSIAM for high-fidelity detections, scalable automation, and rapid incident response. You will work with rich telemetry from endpoint, network, cloud, and identity sources, turning adversary behavior into actionable analytics that reduce risk.
This position suits an experienced detection or security operations engineer who thrives at the intersection of platform engineering and threat expertise. You will collaborate closely with SOC analysts, incident responders, and fellow engineers, influencing detection strategy while building creative solutions at enterprise scale.
Day to day, you will design, deploy, and maintain Cortex XSIAM detections across data sources, tuning logic to reduce noise and improve true-positive rates; conduct proactive threat hunting using XSIAM analytics; develop custom detections in XQL; and design automated response playbooks that integrate with enterprise tooling for faster incident containment.
You will partner on investigations, support post-go-live enhancements, and provide technical guidance and mentorship. Shape how security operations evolves by driving improvements in signal quality, automation maturity, and mean time to respond. Continuously expand technical depth in XSIAM, XQL, and advanced security analytics.
Requirements
- 5+ years of experience in Security Operations, Detection Engineering, or SIEM/SOAR engineering
- Hands-on experience with Palo Alto Networks Cortex XSIAM (or strong XDR/XSOAR experience with rapid XSIAM ramp-up)
- Strong working knowledge of SIEM/XDR concepts and log analytics, incident response and threat detection workflows, and automation and orchestration use cases
- Proficiency with XQL, KQL, SPL, or similar security query languages
- Experience integrating data from endpoint, network, cloud, and identity platforms
- Strong scripting experience (Python preferred)
- Experience operating security platforms at enterprise scale
- Familiarity with MITRE ATT&CK and threat intelligence frameworks
Responsibilities
- Design, deploy, and maintain Cortex XSIAM detections, correlations, and analytics across endpoint, network, cloud, and identity data sources
- Build and tune detection logic to reduce noise while improving true positive rates
- Develop and maintain custom detections using XQL (Cortex Query Language)
- Conduct proactive threat hunting and investigations using XSIAM analytics and telemetry
- Design and maintain automated response playbooks to accelerate incident containment and remediation
- Integrate XSIAM with enterprise tooling including identity, EDR, ticketing, cloud, and network security platforms
- Partner with SOC analysts, incident responders, and engineering teams on investigations and response activities
- Provide technical guidance and mentorship to engineers and analysts
Benefits
- Hybrid/Remote work option
- Monday – Friday 8:00 – 5:00 ET schedule