We are looking for a skilled professional with 3-5 years of experience in monitoring, analysis, and incident handling using Palo Alto Cortex XDR/XSIAM. The ideal candidate will be responsible for managing alerts, conducting investigations, and optimizing detection capabilities within the Cortex platform.
Key Responsibilities:
Monitoring & Analysis:
+ Review and analyze alerts generated by Cortex XDR/XSIAM.
+ Perform triage and determine the relevance and severity of events.
+ Identify patterns, anomalies, and potential risks in data.
Incident Handling:
+ Investigate and respond to events and alerts.
+ Conduct root cause analysis and document findings.
+ Coordinate with internal teams for resolution and follow-up.
Platform Optimization:
+ Fine-tune detection rules and response playbooks.
+ Ensure efficient data ingestion and alert accuracy.
+ Collaborate with engineering teams to enhance platform performance.
Proactive Analysis:
+ Conduct exploratory analysis to identify potential issues.
+ Leverage threat intelligence and contextual data to improve detection.
+ Develop custom XQL queries and dashboards for visibility and reporting.
Documentation & Reporting:
+ Maintain detailed logs and reports of investigations.
+ Provide insights and recommendations to improve processes.
Required Qualifications:
3-5 years of relevant experience in monitoring, analysis, or incident response.
Hands-on experience with Palo Alto Cortex XDR/XSIAM.
Strong understanding of endpoint, network, and cloud data.
Familiarity with detection frameworks and analytical tools.
Good scripting knowledge (e.g., Python, PowerShell) is a plus.
Strong analytical and communication skills.
Preferred Certifications:
PCCSA or PCNSE (Palo Alto Networks)
CompTIA Security+, CEH, or equivalent (optional)
Beware of fraud agents! Do not pay money to get a job.
MNCJobsIndia.com will not be responsible for any payment made to a third party. All Terms of Use are applicable.