Senior SOC Consultant — Palo Alto XSIAM Migration Specialist
Hybrid in New York, NY, US • Posted 15 hours ago • Updated 15 hours ago

PROTEK INFORMATION TECHNOLOGY SERVICES, LLC
Job Details
Skills
- Leadership
- Knowledge Management
- Process Reengineering
- SIEM
- xsiam
- xsoar
- Qradar
- CP4S
- Cortex
- Crowdstrike
Summary
About the Engagement
We are seeking a senior-level Security Operations Consultant to lead the deployment, calibration, and process transformation associated with our migration from IBM QRadar and IBM Cloud Pak for Security (CP4S) to Palo Alto Networks XSIAM (Extended Security Intelligence and Automation Management).
This engagement is ideal for seasoned SOC practitioners who not only have hands-on XSIAM or XSOAR expertise, but who also bring the vision, architecture mindset, and operational maturity to reimagine what a modern Security Operations Center should look like — and then build it.
Role Overview
As a Senior SOC Consultant, you will serve as the primary lead shaping how the modern SOC will operate as an MSSP throughout our SIEM/SOAR/XDR platform transition. You will work directly with our SOC leadership, engineering teams, and key stakeholders to ensure that the migration is not simply a technology swap, but a genuine uplift in our security operations capability.
You will be expected to bring an architect's perspective to SOC design, a practitioner's knowledge of detection and response workflows, and a consultant's discipline in delivering measurable outcomes within a defined engagement timeline.
Key Responsibilities
SOC Process Transformation
› Conduct a thorough review of current SOC processes, triage workflows, escalation procedures, and SLA structures.
› Re-engineer and calibrate SOC processes to align with XSIAM capabilities, including alert correlation, automated triage, and AI-driven prioritization.
› Design and implement incident response playbooks and automation rules that exploit the native intelligence of the XSIAM platform.
› Define metrics, KPIs, and dashboards within XSIAM to provide SOC leadership with actionable operational visibility.
Platform Migration & Deployment
› Assist in the end-to-end migration of SIEM and SOAR capabilities from IBM QRadar and IBM CP4S to Palo Alto XSIAM.
› Assess existing playbooks, runbooks, and automation capabilities in the current environment of CP4S.
› Design content lifecycle management processes to support multi-tenancy and content optimization and tuning
› Propose a vision for common workflows for incident management, shift management, automation, workflow development and knowledge management while leveraging XSIAM.
› Help in creating the workflows and automations in XSIAM
› Assist in enabling the SOC team to adapt the new workflows.
› Migrate and reconstruct CP4S playbooks and SOAR automation workflows within XSIAM's automation engine.
› Ensure data integrity, fidelity of alerts, and continuity of coverage throughout the transition period.
Modern SOC Architecture & Advisory
› Advise on the architecture of a next-generation SOC — covering people, process, technology, and governance dimensions.
› Identify and close gaps in detection coverage by leveraging XSIAM's unified data model, UEBA, threat intelligence, and attack surface management capabilities.
› Provide recommendations on SOC team structure, analyst tier models, and automation-first response strategies.
› Mentor and upskill internal SOC staff on XSIAM operations, XQL query development, and platform-native automation.
Stakeholder Engagement & Documentation
› Produce and maintain detailed migration plans, technical design documents, runbooks, and post-implementation reports.
› Present progress, risks, and recommendations to senior IT and security leadership on a regular basis.
› Collaborate with vendors, Palo Alto professional services teams, and internal engineering counterparts as required.
Required Qualifications
Experience
› 10+ years of hands-on experience working within or for Security Operations Centers (SOC) — as an analyst, engineer, architect, or consultant.
› Demonstrable experience deploying and operating Palo Alto XSIAM (or Cortex XDR/XSOAR in an integrated XSIAM context).
› Deep, working knowledge of IBM QRadar — including correlation rules, log sources, flows, reference sets, and the AQL query language.
› Experience with IBM CP4S and its SOAR/Case Management components, with the ability to translate workflows to a new platform.
› Prior involvement in at least one full SIEM or SOAR platform migration at enterprise scale.
Technical Skills
› Proficiency in XSIAM's XQL query language and detection rule framework.
› Strong understanding of SIEM data normalization, log source onboarding, and field mapping.
› Experience with SOAR playbook design and automation workflow development.
› Familiarity with MITRE ATT&CK framework and its application to detection engineering and gap analysis.
› Understanding of cloud security telemetry, endpoint detection, network traffic analysis, and identity-based threat detection.
› Working knowledge of scripting or development languages (Python, JavaScript, or similar) for automation and integration tasks.
SOC Domain Expertise
› Deep understanding of SOC operational processes: alert triage, threat hunting, incident response, and shift handover procedures.
› Ability to articulate and design a target-state SOC operating model — including staffing models, automation tiers, and governance frameworks.
› Experience defining and implementing use-case libraries, tuning methodologies, and false-positive reduction strategies.
› Strong grasp of threat intelligence lifecycle and how to operationalize feeds within a SIEM/XDR platform.
Preferred Qualifications
› Palo Alto Networks certifications such as PCCSA, PCNSA, or Cortex XSIAM/XSOAR-specific training credentials.
› IBM QRadar SIEM certification or equivalent demonstrated expertise.
› Experience operating in regulated industries (financial services, government, healthcare) with awareness of compliance-driven detection requirements.
› Familiarity with enterprise logging infrastructure (Syslog-ng, Kafka, Cribl, or similar data pipeline tools).
› Background in purple team operations or detection-as-code methodologies.
What We're Looking For
Beyond technical credentials, we are looking for professionals who think strategically about security operations. The ideal candidate can walk into a mature but legacy-constrained SOC environment and immediately start identifying not just what needs to move, but what needs to change. You should be comfortable challenging existing assumptions, proposing process improvements, and driving adoption of new ways of working — all while keeping day-to-day operations stable during the transition.
If you have spent your career building SOCs, transforming them, or advising organizations on how to get more from their security investments — and if Palo Alto XSIAM is a platform you know deeply — we want to speak with you.
- Dice Id: 91009841
- Position Id: 8893412
Company Info
About PROTEK INFORMATION TECHNOLOGY SERVICES, LLC
Protek speeds the digital transformation of government agencies, with state-of-the art process automation and enterprise security. We grew out of a collaboration between Protek, a government IT systems integrator and application developer, and Digitalware, a leading provider of cybersecurity products and services.
Our mission is to make your digital transformation faster, better, and more cost-effective than you can imagine. We will identify any legacy issues instantly, visualize how your transformation will unfold, and streamline new application/API development and integration. All with total visibility of process and risk.
Rest assured, the Protek Government team will help you avoid common mistakes in your digital transformation. We will ensure that your transformation succeeds — securely — from infrastructure to application to integration, both on-premise and in the cloud.