Replies within 24 hours

Benefits:

401(k)
Competitive salary
Dental insurance
Health insurance
Paid time off
Vision insurance

Position Summary
Celestial Innovations Group (CIG) is seeking a skilled Cortex XSIAM Security Engineer to deploy, configure, and operationalize Palo Alto Networks Cortex XSIAM for federal and enterprise clients. This role is at the center of CIG's AI-driven Security Operations practice, enabling clients to modernize their SOC by consolidating SIEM, XDR, SOAR, UEBA, ASM, and TIP capabilities into a single, converged platform.

The Cortex XSIAM Engineer will serve as a subject-matter expert (SME) throughout the full platform lifecycle: from requirements gathering and architecture design through deployment, integration, and continuous optimization — driving measurable improvements in threat detection and incident response times for our government and commercial clients.

Key Responsibilities

Platform Deployment & Integration

Lead end-to-end deployment of Cortex XSIAM for federal and enterprise clients, including data source onboarding, log ingestion, and normalization.
Integrate XSIAM with existing security ecosystem tools including firewalls, endpoints, cloud platforms, identity providers, and ticketing systems.
Configure data pipelines to ingest and normalize telemetry from diverse sources (endpoints, network, cloud, identity) into XSIAM's unified data model.
Migrate clients from legacy SIEM platforms to Cortex XSIAM, ensuring continuity of detection coverage and compliance reporting.

Detection Engineering & Analytics

Build and tune correlation rules, behavioral analytics, and ML-based detection models within XSIAM to reduce false positive rates and improve detection fidelity.
Develop and maintain XSIAM analytics leveraging XQL (Extended Query Language) to extract actionable insights from security telemetry.
Map detection content to MITRE ATT&CK framework, ensuring coverage across all relevant tactics, techniques, and procedures (TTPs).
Configure AI SmartScoring and technique-based incident grouping to reduce alert fatigue and prioritize analyst workload effectively.

Automation & Playbook Development

Design, build, and maintain SOAR automation playbooks within XSIAM to automate triage, enrichment, and remediation workflows.
Leverage Cortex Marketplace content packs and develop custom integrations as needed to support client-specific security processes.
Implement dev/prod playbook lifecycle management to ensure safe testing and controlled promotion of automation content.
Continuously improve automation coverage, targeting measurable reductions in manual analyst workload.

Incident Response & Threat Management

Serve as escalation point for complex incident investigations, using XSIAM causality chains and full attack-story visualizations to support rapid remediation.
Coordinate with client SOC teams during active incidents, leveraging XSIAM's embedded automation and enrichment capabilities.
Support Attack Surface Management (ASM) functions to proactively identify and remediate client exposure.
Utilize integrated Threat Intelligence Platform (TIP) capabilities, including Unit 42 threat feeds, to enrich alerts and inform response priorities.

Client Engagement & Advisory

Serve as a trusted technical advisor to federal and commercial clients on XSIAM capabilities, roadmap, and SOC modernization strategy.
Produce SOC performance dashboards, compliance reports, and executive summaries within XSIAM to support client governance requirements.
Conduct training and knowledge transfer sessions to build client SOC team proficiency on the XSIAM platform.
Support CIG business development efforts by contributing to proposals, demos, and technical capability briefings for prospective clients.

Required Qualifications

3+ years of hands-on experience with Palo Alto Networks Cortex XDR or Cortex XSIAM in an enterprise or federal environment.
Demonstrated experience deploying or administering SIEM platforms (Splunk, Microsoft Sentinel, IBM QRadar, or equivalent).
Proficiency with XQL or comparable query languages for log analysis and threat hunting.
Working knowledge of SOAR concepts and experience building security automation playbooks.
Understanding of EDR, NDR, and UEBA technologies and how they feed into a converged SOC platform.
Familiarity with MITRE ATT&CK framework and its application to detection engineering.
Active Secret clearance (minimum); TS/SCI preferred for federal engagements.
Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related field, OR equivalent professional experience.

Preferred Qualifications

Palo Alto Networks Certified Security Automation Engineer (PCSAE) or Cortex XSIAM-specific certification.
Experience with federal compliance frameworks including NIST SP 800-53, RMF, DISA STIGs, and CDM program requirements.
Familiarity with Zero Trust Architecture principles (NIST SP 800-207, CISA ZT Maturity Model) and how XSIAM supports ZTA adoption.
Experience integrating Cortex XSIAM with Palo Alto Networks NGFW, Prisma Cloud, or Zscaler platforms.
Knowledge of cloud security telemetry sources (AWS, Azure, GCP) and their ingestion into XSIAM.
Exposure to Python or JavaScript for custom XSIAM integration development or automation scripting.
Prior experience supporting federal SOC operations or DHS CDM program environments.
CISSP, CEH, CompTIA Security+, or equivalent security certification.

Technical Skills & Tools

SOC Platforms

Cortex XSIAM / XDR
Cortex XSOAR
SIEM platforms
XQL query language
EDR / NDR / UEBA

Security Frameworks

MITRE ATT&CK
NIST SP 800-53 / RMF
NIST SP 800-207 (Zero Trust Architecture)
CISA Zero Trust Maturity Model
DISA STIGs

Integrations & Tools

Palo Alto NGFW / Prisma
Zscaler ZIA / ZPA
Microsoft Sentinel / Azure
ServiceNow / Ticketing systems
AWS / Azure / GCP

Flexible work from home options available.

Compensation: $120,000.00 - $150,000.00 per year

Our Philosophy

Long-Term Customer Relationships: We believe in growing with our clients. Our approach is to understand your unique business challenges and aspirations, providing personalized solutions and ongoing support designed to evolve with your needs.

Strong Employee Culture: At CIG, we are more than just a team; we are a community. We foster a culture of innovation, inclusion, and mutual respect, where every member is empowered to contribute and excel.

Work-Life Balance: We prioritize the well-being of our team members, ensuring a healthy work-life balance through flexible working conditions, continuous learning opportunities, and a supportive work environment.

(if you already have a resume on Indeed)

Or apply here.

* required fields

First Name*

Last Name*

Email*

Phone*

Yes, Text Me!

I consent to receiving text messages about this hiring process and, if hired, future job related information from CELESTIAL INNOVATIONS GROUP LLC.

Message and data rates may apply. Message frequency varies. Reply STOP to opt out. Reply HELP for help. See our User Terms of Service and Privacy Policy for details.

Get faster updates with texting!

Message and data rates may apply. Message frequency varies. Reply STOP to opt out. Reply HELP for help. See our User Terms of Service and Privacy Policy for details.

Location

Address

City

States

ZIP Code

Resume/CV (optional)

Type/Paste Text

Cover Letter

Type/Paste Text

Recent Job Title

Recent Employer

Are you a US Citizen? *

Do you currently have an active DoD Secret or TS/SCI clearance?*

Referral code from a current employeeIf no code provided, add their name instead.