Senior Cyber Security Engineer

CSC•Wilmington, NC

20h•Hybrid

About The Position

We are seeking a Senior Cyber Security Engineer to play a pivotal role in advancing our detection, response, and automation capabilities across a modern enterprise security stack. In this role, you will serve as a hands-on technical leader responsible for designing, engineering, and optimizing Cortex XSIAM to deliver high-fidelity detections, scalable automation, and rapid incident response. You will work with rich telemetry spanning endpoint, network, cloud, and identity data to turn adversary behavior into actionable analytics that measurably reduce risk. This position is ideal for an experienced detection or security operations engineer who thrives at the intersection of platform engineering and threat expertise. You will collaborate closely with SOC analysts, incident responders, and fellow engineers, influence detection strategy, and mentor others while working on creative solutions that matter at enterprise scale. You’ll have the opportunity to shape how security operations evolves, driving improvements in signal quality, automation maturity, and mean time to respond, while continuously expanding your technical depth in XSIAM, XQL, and advanced security analytics.

Requirements

Minimum 5+ years of experience in Security Operations, Detection Engineering, or SIEM/SOAR engineering
Hands-on experience with Palo Alto Networks Cortex XSIAM (or strong XDR/XSOAR experience with rapid XSIAM ramp-up)
Strong working knowledge of SIEM/XDR concepts and log analytics, incident response and threat detection workflows, and automation and orchestration use cases
Proficiency with XQL, KQL, SPL, or similar security query languages
Experience integrating data from endpoint, network, cloud, and identity platforms
Strong scripting experience (Python preferred)
Experience operating security platforms at enterprise scale
Bachelor’s degree in computer science, information assurance, MIS or equivalent industry experience.

Nice To Haves

Preferred experience with endpoint security (Cortex XDR, Defender, CrowdStrike, etc.), cloud security telemetry (AWS, Azure, GCP), identity and access logs (AD, Azure AD, IAM)
Familiarity with MITRE ATT&CK and threat intelligence frameworks
Experience supporting a 24/7 SOC or global security operations team
Palo Alto Networks Certified XSIAM Engineer or Analyst certification preferred.
Additional industry certifications are a plus (i.e., CEH, CISM, etc.)

Responsibilities

Design, deploy, and maintain Cortex XSIAM detections, correlations, and analytics across endpoint, network, cloud, and identity data sources.
Build and tune detection logic to reduce noise while improving true positive rates.
Perform ongoing platform optimization, including ingest management, rule tuning, and performance improvements.
Develop and maintain custom detections using XQL (Cortex Query Language).
Conduct proactive threat hunting and investigations using XSIAM analytics and telemetry.
Translate threat intelligence and adversary techniques into actionable detections aligned to MITRE ATT&CK.
Design and maintain automated response playbooks to accelerate incident containment and remediation.
Integrate XSIAM with enterprise tooling (e.g., identity, EDR, ticketing, cloud, network security platforms).
Support continuous improvement of MTTR through automation and orchestration.
Partner with SOC analysts, incident responders, and engineering teams on investigations and response activities.
Support post-go-live enhancements, backlog grooming, and technical debt reduction initiatives.
Provide technical guidance and mentorship to engineers and analysts.