Senior Security Operations platform Engineer

Role: Senior Security Operations platform Engineer

Duration: 1 year

Interview: 3 Rounds including Management & Technical

Worktime: 40 hours/week

Required Skills:

• 10+ years in SOC roles (analyst/engineer/architect/consultant).
• Proven deployment/operations of XSIAM (or Cortex XDR/XSOAR in an XSIAM context).
• QRadar expertise (rules, log sources/flows, reference sets, AQL).
• CP4S SOAR/case management experience; ability to translate workflows cross-platform.
• Participation in at least one enterprise-scale SIEM/SOAR migration.
• XQL proficiency; detection rule development.
• SIEM normalization, onboarding, and field mapping.
• SOAR playbook design and workflow automation.
• MITRE ATT&CK–based detection engineering and gap analysis.
• Telemetry across cloud, endpoint, network, and identity.
• Scripting for integrations/automation (Python, JavaScript, or similar).
• Strong SOC operations knowledge (triage, hunting, IR, shift handover, tuning/FP reduction, threat intel operationalization).
• Preferred Palo Alto certs (PCCSA/PCNSA/XSIAM/XSOAR training).
• QRadar certification (or equivalent depth).
• Regulated industry experience (FSI, government, healthcare).
• Logging/data pipeline familiarity (Syslog-ng, Kafka, Cribl, etc.).
• Purple team or detection-as-code background.

Responsibilities: As Senior Security Operations Platform Engineer, you will partner with SOC leadership, engineering, and stakeholders to ensure the migration is not a tool swap, but a measurable uplift in detection, response, and operational maturity.

SOC Process Transformation:

• Assess current triage, escalation, SLAs, and operating rhythms.
• Redesign workflows to align with XSIAM (correlation, automated triage, AI-driven prioritization).
• Build/implement incident response playbooks and automation rules in XSIAM.
• Define KPIs, metrics, and dashboards to improve SOC visibility and performance.

Platform Migration & Deployment:

• Lead end-to-end migration of SIEM/SOAR capabilities from QRadar/CP4S to XSIAM.
• Inventory and translate CP4S playbooks/runbooks into XSIAM automations.
• Establish content lifecycle management for multi-tenancy, tuning, and optimization.
• Define common workflows (incident/shift management, automation development, knowledge management).
• Ensure alert fidelity, data integrity, and coverage continuity through cutover.

Modern SOC Architecture & Advisory:

• Advise on next-gen SOC design across people, process, technology, and governance.
• Close detection gaps using XSIAM’s unified data model, UEBA, threat intel, and attack surface management.
• Recommend SOC structure (tiering), automation-first strategies, and response patterns.
• Mentor/upskill staff on XSIAM operations, XQL, and platform-native automation.

Stakeholder Engagement & Documentation:

• Produce migration plans, technical designs, runbooks, and post-implementation reporting.
• Provide regular updates on progress, risks, and recommendations to senior leadership.
• Coordinate with Palo Alto professional services and internal engineering as needed.

Expected Deliverable(s):

• Log source parsers and data normalization
• Log pipeline implementation
• SOC analyst workflows and automations
• Cybersecurity use-case detections and tuning