[< BACK]
// POSTED: May 2, 2026

Cortex XSIAM Security Engineer

APPLY NOW
<div class="benefits"> <div><strong>Benefits:</strong></div> <ul> <li>401(k)</li> <li>Competitive salary</li> <li>Dental insurance</li> <li>Health insurance</li> <li>Paid time off</li> <li>Vision insurance</li> </ul> </div> <div class="trix-content"> <div> <strong>Position Summary</strong><br>Celestial Innovations Group (CIG) is seeking a skilled Cortex XSIAM Security Engineer to deploy, configure, and operationalize Palo Alto Networks Cortex XSIAM for federal and enterprise clients. This role is at the center of CIG's AI-driven Security Operations practice, enabling clients to modernize their SOC by consolidating SIEM, XDR, SOAR, UEBA, ASM, and TIP capabilities into a single, converged platform.<br><br>The Cortex XSIAM Engineer will serve as a subject-matter expert (SME) throughout the full platform lifecycle: from requirements gathering and architecture design through deployment, integration, and continuous optimization — driving measurable improvements in threat detection and incident response times for our government and commercial clients.<br><br> </div><div><strong><u>Key Responsibilities</u></strong></div><div><strong>Platform Deployment & Integration</strong></div><ul> <li>Lead end-to-end deployment of Cortex XSIAM for federal and enterprise clients, including data source onboarding, log ingestion, and normalization.</li> <li>Integrate XSIAM with existing security ecosystem tools including firewalls, endpoints, cloud platforms, identity providers, and ticketing systems.</li> <li>Configure data pipelines to ingest and normalize telemetry from diverse sources (endpoints, network, cloud, identity) into XSIAM's unified data model.</li> <li>Migrate clients from legacy SIEM platforms to Cortex XSIAM, ensuring continuity of detection coverage and compliance reporting.</li> </ul><div><strong>Detection Engineering & Analytics</strong></div><ul> <li>Build and tune correlation rules, behavioral analytics, and ML-based detection models within XSIAM to reduce false positive rates and improve detection fidelity.</li> <li>Develop and maintain XSIAM analytics leveraging XQL (Extended Query Language) to extract actionable insights from security telemetry.</li> <li>Map detection content to MITRE ATT&CK framework, ensuring coverage across all relevant tactics, techniques, and procedures (TTPs).</li> <li>Configure AI SmartScoring and technique-based incident grouping to reduce alert fatigue and prioritize analyst workload effectively.</li> </ul><div><strong>Automation & Playbook Development</strong></div><ul> <li>Design, build, and maintain SOAR automation playbooks within XSIAM to automate triage, enrichment, and remediation workflows.</li> <li>Leverage Cortex Marketplace content packs and develop custom integrations as needed to support client-specific security processes.</li> <li>Implement dev/prod playbook lifecycle management to ensure safe testing and controlled promotion of automation content.</li> <li>Continuously improve automation coverage, targeting measurable reductions in manual analyst workload.</li> </ul><div><strong>Incident Response & Threat Management</strong></div><ul> <li>Serve as escalation point for complex incident investigations, using XSIAM causality chains and full attack-story visualizations to support rapid remediation.</li> <li>Coordinate with client SOC teams during active incidents, leveraging XSIAM's embedded automation and enrichment capabilities.</li> <li>Support Attack Surface Management (ASM) functions to proactively identify and remediate client exposure.</li> <li>Utilize integrated Threat Intelligence Platform (TIP) capabilities, including Unit 42 threat feeds, to enrich alerts and inform response priorities.</li> </ul><div><strong>Client Engagement & Advisory</strong></div><ul> <li>Serve as a trusted technical advisor to federal and commercial clients on XSIAM capabilities, roadmap, and SOC modernization strategy.</li> <li>Produce SOC performance dashboards, compliance reports, and executive summaries within XSIAM to support client governance requirements.</li> <li>Conduct training and knowledge transfer sessions to build client SOC team proficiency on the XSIAM platform.</li> <li>Support CIG business development efforts by contributing to proposals, demos, and technical capability briefings for prospective clients.</li> </ul><div><br></div><div><strong><u>Required Qualifications</u></strong></div><ul> <li>3+ years of hands-on experience with Palo Alto Networks Cortex XDR or Cortex XSIAM in an enterprise or federal environment.</li> <li>Demonstrated experience deploying or administering SIEM platforms (Splunk, Microsoft Sentinel, IBM QRadar, or equivalent).</li> <li>Proficiency with XQL or comparable query languages for log analysis and threat hunting.</li> <li>Working knowledge of SOAR concepts and experience building security automation playbooks.</li> <li>Understanding of EDR, NDR, and UEBA technologies and how they feed into a converged SOC platform.</li> <li>Familiarity with MITRE ATT&CK framework and its application to detection engineering.</li> <li>Active Secret clearance (minimum); TS/SCI preferred for federal engagements.</li> <li>Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related field, OR equivalent professional experience.</li> </ul><div><br></div><div><strong><u>Preferred Qualifications</u></strong></div><ul> <li>Palo Alto Networks Certified Security Automation Engineer (PCSAE) or Cortex XSIAM-specific certification.</li> <li>Experience with federal compliance frameworks including NIST SP 800-53, RMF, DISA STIGs, and CDM program requirements.</li> <li>Familiarity with Zero Trust Architecture principles (NIST SP 800-207, CISA ZT Maturity Model) and how XSIAM supports ZTA adoption.</li> <li>Experience integrating Cortex XSIAM with Palo Alto Networks NGFW, Prisma Cloud, or Zscaler platforms.</li> <li>Knowledge of cloud security telemetry sources (AWS, Azure, GCP) and their ingestion into XSIAM.</li> <li>Exposure to Python or JavaScript for custom XSIAM integration development or automation scripting.</li> <li>Prior experience supporting federal SOC operations or DHS CDM program environments.</li> <li>CISSP, CEH, CompTIA Security+, or equivalent security certification.</li> </ul><div><br></div><div><strong><u>Technical Skills & Tools</u></strong></div><div><strong>SOC Platforms</strong></div><ul> <li>Cortex XSIAM / XDR</li> <li>Cortex XSOAR</li> <li>SIEM platforms</li> <li>XQL query language</li> <li>EDR / NDR / UEBA</li> </ul><div><strong>Security Frameworks</strong></div><ul> <li>MITRE ATT&CK</li> <li>NIST SP 800-53 / RMF</li> <li>NIST SP 800-207 (Zero Trust Architecture)</li> <li>CISA Zero Trust Maturity Model</li> <li>DISA STIGs</li> </ul><div><strong>Integrations & Tools</strong></div><ul> <li>Palo Alto NGFW / Prisma</li> <li>Zscaler ZIA / ZPA</li> <li>Microsoft Sentinel / Azure</li> <li>ServiceNow / Ticketing systems</li> <li>AWS / Azure / GCP</li> </ul> </div> <p>Flexible work from home options available.</p>
APPLY NOW

More Remote Jobs

[Remote] Rating & Ratemaking Support AnalystMay 1, 2026Experienced Remote Healthcare Customer Service Representative – Delivering Compassionate Support from the Comfort of Your Own HomeMay 4, 2026Sr. Integration EngineerMay 4, 2026Sr. Digital Visual DesignerMay 3, 2026Director, Sales-Kroger (Frozen Handheld & Spreads/Coffee-US Retail Sales)May 5, 2026Remote Senior Consultant, Healthcare ServicesMay 1, 2026[Hiring] Senior Mainframe DB2 Database Administrator @CVS HealthMay 2, 2026Services Data Center Solutions Principal - Multicloud-Data Center, AI & Data and Security & ResilienceMay 1, 2026Cybersecurity Engineer - RemoteMay 4, 2026**Experienced Work From Home (WFH) Customer Service Representative – Chat Support at arenaflex**May 1, 2026Account Executive - South AfricaMay 2, 2026Assistant Store LeaderMay 3, 2026Legal Executive AssistantMay 1, 2026Senior Data Scientist, FinanceMay 1, 2026Account ExecutiveMay 5, 2026
Interested in this role?Apply on iHire