Cortex XSIAM & XDR Engineer / SIEM Architect
About the role
The SIEM Engineer will support the Department of Administration's Division of Information Security by designing, implementing, maintaining, and optimizing Palo Alto Cortex XSIAM and Cortex XDR in a large-scale, multi-tenant security environment. This role works closely with a large enterprise security team and a 24x7 Security Operations Center (SOC) to enhance SIEM, XDR, detection, response, and log management capabilities supporting multiple state agencies.
Responsibilities
- Plan, design, deploy, administer, and support Palo Alto Cortex XSIAM and Cortex XDR platforms.
- Configure, optimize, troubleshoot, and maintain enterprise SIEM and XDR capabilities.
- Support multi-tenant agency onboarding, tenant-specific configurations, role-based access controls, data segregation, dashboards, and reporting.
- Develop and tune detections, correlation rules, analytics, threat-hunting queries, watchlists, suppression logic, and false-positive reduction.
- Aid with Cribl data modeling, log pipeline design, routing, parsing, normalization, enrichment, filtering, replay, and ingestion.
- Optimize log volume, retention, performance, and cost while maintaining security and compliance requirements.
- Create and maintain runbooks, standard operating procedures, escalation matrices, troubleshooting guides, architecture diagrams, data-flow documentation, use-case catalogs, and analyst knowledge articles.
- Support Tier 1 through Tier 3 SOC analysts through platform troubleshooting, detection tuning, threat hunting, technical escalation, knowledge transfer, and shift handoffs.
- Maintain high availability, resilience, backup, recovery, lifecycle management, and controlled change processes for SIEM, XDR, and supporting log pipeline services.
- Collaborate with security architects, engineers, analysts, and agency stakeholders to align solutions with business goals, industry-standard frameworks, regulatory requirements, and organizational risk tolerance.
- Participate in a monthly on-call rotation supporting the 24x7 SOC.
Requirements
- Hands-on experience with Palo Alto Cortex XSIAM and Cortex XDR design, implementation, administration, and operational support.
- Experience engineering and supporting SIEM capabilities for multi-tenant environments and 24x7 Security Operations Center operations.
- Experience developing and tuning detections, correlation rules, analytics, threat-hunting queries, dashboards, reporting, and alert suppression logic.
- Strong experience creating and managing complex playbooks.
- Experience with Cribl data modeling, log pipeline design, parsing, normalization, enrichment, routing, and ingestion.
- Experience developing automation, integrations, playbooks, and response workflows using scripting languages such as Python and Bash.
- Experience onboarding and troubleshooting telemetry from cloud, endpoint, network, identity, SaaS, Linux, Windows, and custom application sources.
- Strong understanding of enterprise security architecture, incident response, networking, access control, secure system design, and industry-standard cybersecurity frameworks.
- Bachelor's degree in Information Technology, Information Security, or a related field; eight years of relevant work experience may be substituted in lieu of education.
- Five years of experience supporting large IT environments and/or system deployments.
- Must successfully pass: Full credit check, Criminal background check, 7-year background check and credit history check, Driving record (MVR), 10-panel drug screen, E-Verify, SLED check.
- Must obtain and maintain annual CJIS certification.
Qualifications
Hands-on experience with Palo Alto Cortex XSIAM and Cortex XDR design, implementation, administration, and operational support. Experience engineering and supporting SIEM capabilities for multi-tenant environments and 24x7 Security Operations Center operations. Experience developing and tuning detections, correlation rules, analytics, threat-hunting queries, dashboards, reporting, and alert suppression logic. Strong experience creating and managing complex playbooks. Experience with Cribl data modeling, log pipeline design, parsing, normalization, enrichment, routing, and ingestion. Experience developing automation, integrations, playbooks, and response workflows using scripting languages such as Python and Bash. Experience onboarding and troubleshooting telemetry from cloud, endpoint, network, identity, SaaS, Linux, Windows, and custom application sources. Strong understanding of enterprise security architecture, incident response, networking, access control, secure system design, and industry-standard cybersecurity frameworks. Bachelor's degree in Information Technology, Information Security, or a related field; eight years of relevant work experience may be substituted in lieu of education. Five years of experience supporting large IT environments and/or system deployments. Must successfully pass: Full credit check, Criminal background check, 7-year background check and credit history check, Driving record (MVR), 10-panel drug screen, E-Verify, SLED check. Must obtain and maintain annual CJIS certification.
Skills
Hands-on experience with Palo Alto Cortex XSIAM and Cortex XDR design, implementation, administration, and operational support. Experience engineering and supporting SIEM capabilities for multi-tenant environments and 24x7 Security Operations Center operations. Experience developing and tuning detections, correlation rules, analytics, threat-hunting queries, dashboards, reporting, and alert suppression logic. Strong experience creating and managing complex playbooks. Experience with Cribl data modeling, log pipeline design, parsing, normalization, enrichment, routing, and ingestion. Experience developing automation, integrations, playbooks, and response workflows using scripting languages such as Python and Bash. Experience onboarding and troubleshooting telemetry from cloud, endpoint, network, identity, SaaS, Linux, Windows, and custom application sources. Strong understanding of enterprise security architecture, incident response, networking, access control, secure system design, and industry-standard cybersecurity frameworks.
Benefits
Comprehensive benefits package including Group Health (Medical, Dental, and Vision), Paid Time Off, Paid Holidays, 401(k) matching, Group Life and Disability insurance, Professional Development opportunities, Wellness programs, and a variety of other perks.
Pay
Details about pay are not specified in this job posting.
Schedule
Details about the schedule are not specified in this job posting.
Company Culture
HTC Global Services wants you to join our team. Come build new things with us and advance your career. At HTC Global, you’ll collaborate with experts, work alongside clients, and be part of high-performing teams driving success together. You’ll have long-term opportunities to grow your career and develop skills in the latest emerging technologies. At HTC Global Services, our employees have access to a comprehensive benefits package. Benefits can include Group Health (Medical, Dental, and Vision), Paid Time Off, Paid Holidays, 401(k) matching, Group Life and Disability insurance, Professional Development opportunities, Wellness programs, and a variety of other perks. Our success as a company is built on inclusion and diversity. HTC Global Services is committed to providing a workplace free from discrimination and harassment, where every employee is treated with dignity and respect. We celebrate differences and believe that diverse cultures, perspectives, and skills drive innovation and success. HTC is an Equal Opportunity Employer and a proud National Minority Supplier. We seek to empower each individual, fostering an environment where everyone feels valued, included, and respected.