Cortex XDR Consultant (Senior) (m/f/d)

الرياض
عقد
دوام كامل

قبل 3 أيام

We are seeking a Cortex XDR Consultant with strong experience in endpoint detection and response, security monitoring, and incident response. The ideal candidate will have hands-on expertise with Palo Alto Networks Cortex XDR and a solid background in SIEM technologies, preferably within a SOC or Incident Response environment. This role involves designing, implementing, tuning, and operationalizing detection and response capabilities to enhance an organization's security posture.Key Responsibilities
Cortex XDR & Detection Engineering

Deploy, configure, and manage Palo Alto Networks Cortex XDR in enterprise environments
Develop, customize, and tune XDR detection rules, alerts, and correlation logic
Optimize endpoint visibility across Windows, Linux, and macOS environments
Perform threat hunting using Cortex XDR analytics, behavioral indicators, and telemetry
Integrate Cortex XDR with other security tools (firewalls, identity platforms, TI feeds)

Incident Response & SOC Support

Act as a subject-matter expert during security incidents, including malware, ransomware, lateral movement, and insider threats
Lead or support incident investigation, triage, containment, and remediation
Provide guidance on playbooks, SOAR workflows, and response automation
Support SOC maturity initiatives (alert reduction, detection quality, response time)

SIEM & Security Monitoring

Integrate Cortex XDR with SIEM platforms (e.g., Splunk, Sentinel, QRadar, Elastic)
Develop and tune SIEM use cases aligned to MITRE ATT&CK
Correlate endpoint telemetry with network, cloud, and identity logs
Assist with log onboarding, normalization, and enrichment

Advisory & Consulting

Conduct security assessments and XDR readiness reviews
Provide best-practice recommendations for SOC operations and tooling
Deliver documentation, operational handover, and knowledge transfer

Support customers during POCs, audits, and threat simulationsRequired Technical Skills
Endpoint & XDR

Hands-on experience with Palo Alto Networks Cortex XDR
Strong understanding of:

Endpoint telemetry (process, registry, network, file system)
Behavioral detection and anomaly-based analytics
MITRE ATT&CK framework

Incident Response & Threats

Proven experience in SOC or Incident Response
Strong knowledge of:

Malware analysis fundamentals
Attack lifecycle and kill chain
Digital forensics basics (endpoint-focused)
Ability to interpret indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs)

SIEM & Log Analytics

Experience with at least one SIEM platform (background in any SIEM is acceptable)
Log analysis and correlation across multiple data sources
Strong querying skills (KQL, SPL, Lucene, or similar)

Platforms & Scripting

Operating systems: Windows, Linux, macOS
Basic scripting and automation skills:

Python, PowerShell, or Bash
Familiarity with APIs and security integrations

Required & Preferred Certifications
Required / Highly Preferred

Palo Alto Networks Certified Cortex XDR Analyst
Palo Alto Networks Certified Cortex XDR Engineer
Additional Relevant Certifications (Any Background)
SIEM-related certifications (e.g., Splunk, Microsoft Sentinel, Elastic, QRadar)
Incident response certifications:

GIAC (GCIH, GCED, GCIA)
Blue Team Level 1 or 2 (BTL1/BTL2)
EC-Council (CHFI, CEH - operational focus preferred)
Security foundations:
CISSP, CISM, or Security+

Halian

تقدم الآن