Security Consultant - SIEM L3

IBM Mumbai, IN

Company

IBM

Location

Mumbai, IN

Type

Full Time

Job Description

Introduction

A career in IBM Consulting is rooted in long-term relationships and close collaboration with clients across the globe.
You'll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio, including Software and Red Hat.
Curiosity and a constant quest for knowledge serve as the foundation for success in IBM Consulting. In your role you'll be encouraged to challenge the norm, investigate ideas outside of your role and come up with creative solutions, resulting in groundbreaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment

Your role and responsibilities

Key Responsibilities

Platform Strategy & Engineering:

  • Act as the Subject Matter Expert (SME) and technical owner for the Cortex XSIAM, XSOAR and XDR platforms.
  • Implement and manage the entire Cortex ecosystem, ensuring seamless integration and data flow between XDR, XSOAR and XSIAM.
  • Lead platform upgrades, performance tuning and capacity planning to maintain a highly available and scalable security infrastructure.
  • Develop and enforce governance models, including user roles, access controls and operational procedures.

Security Automation & Orchestration (XSOAR):

  • Design and deploy sophisticated automation playbooks in XSOAR to automate incident triage, investigation and response across the enterprise.
  • Develop custom integrations using Python, REST APIs and other methods to connect XSOAR with IT, cloud and security systems (e.g. ITSM, firewalls, cloud IAM, email security).
  • Continuously refine and optimize automation playbooks to reduce manual tasks for the SOC, minimizing Mean Time to Respond (MTTR).
  • Create and maintain comprehensive documentation for all automations and integrations.

Extended Detection & Response (XDR) & Network Traffic Analysis (NTA):

  • Manage and optimize the Cortex XDR deployment for prevention, detection and response across endpoints.
  • Configure and fine-tune the Palo Alto NTA platform to monitor network traffic, detect anomalous behavior and identify devices.
  • Correlate endpoint data from XDR with network-level insights from NTA to build a multi-layered understanding of attacks.
  • Perform deep-dive investigations and threat hunts using the combined power of EDR and NTA telemetry.

Unified Data & Analytics (XSIAM):

  • Leverage XSIAM as the central data lake for security analytics, ensuring optimal data ingestion and normalization from XDR, XSOAR and other sources.
  • Fine-tune high-fidelity detection rules using XQL (XSIAM Query Language) to identify advanced threats that span endpoints, network and cloud.
  • Exploit the integrated AI/ML capabilities within XSIAM to uncover stealthy attack patterns and perform cross-correlation analysis.

Collaboration & Leadership:

  • Mentor SOC analysts and L2 engineers on effective use of the Cortex platform for investigation and response.
  • Translate threat intelligence and analyst workflows into technical requirements and platform enhancements.
  • Lead projects to enhance our security posture through the adoption of new Cortex features and capabilities.

Required education

Bachelor's Degree

Preferred education

Master's Degree

Required technical and professional expertise

Required Qualifications & Experience

  • 6+ years of hands-on experience in cybersecurity, with a focus on security engineering, SOC automation or incident response.
  • 3+ years of proven deep technical experience with the Palo Alto Cortex platform, specifically:
    • XSOAR: Demonstrable experience in developing and coding complex playbooks. Proficiency with the XSOAR development environment is a must.
    • XDR: Strong hands-on experience in managing the endpoint security platform, including policy configuration, agent troubleshooting and incident analysis.
    • XSIAM: Practical experience with data ingestion, writing XQL queries and building custom detection rules.
    • NTA: Demonstrable experience in deploying, configuring and using a network traffic analysis tool for threat detection (Palo Alto NTA Security preferred).
  • Good programming/scripting skills in Python for developing custom automations and API integrations are an added advantage.
  • Good understanding of REST APIs, JSON and data structures.
  • Knowledge of modern attack vectors, the MITRE ATT&CK framework and the incident response lifecycle.
  • Experience with cloud security concepts and platforms (AWS, Azure or GCP).
Preferred technical and professional experience

Preferred Qualifications

  • At least one of the following Palo Alto Networks certifications is mandatory; more than one is preferred:
    • PCCSE (Cortex Certified Security Engineer)
    • PCXSA (Cortex XSOAR Certified Automation Engineer)
    • PCXSI (Cortex XSIAM Certified Administrator)
    • PCDRA (Cortex XDR Certified Administrator)
  • Experience integrating security tools with IT infrastructure (e.g. Active Directory, SIEM, proxies, cloud APIs).
  • Excellent communication and documentation skills, with the ability to explain complex technical concepts to a variety of audiences.
Date Posted

12/12/2025