SIEM Engineer (Cybersecurity)
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
SIEM Engineer (Cybersecurity): Designing, deploying, and optimizing Palo Alto Cortex XSIAM and XDR platforms for a large-scale public sector environment with an accent on multi-tenant architecture and security log pipeline management. Focus on developing high-fidelity detections, automating incident response workflows, and ensuring platform resilience within a 24x7 SOC operation.
Location: Must be based in the United States
Company
is a technology and professional services firm established in 2004, specializing in innovative technology management solutions for clients nationwide.
What you will do
- Plan, deploy, and administer Palo Alto Cortex XSIAM and XDR platforms across multi-tenant environments.
- Develop and tune high-fidelity detections, threat-hunting queries, and false-positive suppression logic.
- Design and maintain log management pipelines using Cribl for parsing, normalization, and enrichment.
- Create automated response playbooks and integrations using Python and Bash.
- Author operational runbooks, SOPs, and architecture documentation to ensure platform resilience.
- Collaborate with SOC analysts to support incident response and system troubleshooting.
Requirements
- Must be based in the United States
- 5+ years of experience in large-scale enterprise IT or complex system deployments.
- Hands-on experience with Palo Alto Cortex XSIAM and Cortex XDR.
- Proven experience in SIEM engineering within multi-tenant and 24x7 SOC environments.
- Proficiency in Cribl data modeling and security log pipeline design.
- Strong scripting skills in Python and Bash for automation.
- Ability to pass a full credit and criminal background check and obtain CJIS certification.
Nice to have
- Advanced Cribl administration and performance optimization experience.
- Experience supporting Tier 1-3 SOC analyst handoffs and threat hunting.
- Professional certifications such as CISSP, Security+, GIAC, or Palo Alto Cortex.
Culture & Benefits
- 12-month contract with a high possibility of extension.
- 100% remote work environment.
- Opportunity to work on large-scale public sector security infrastructure.
- Collaborative environment with enterprise security teams.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →