Still looking for a job through search engines? It's time to upgrade!
Instead of searching alone through hundreds of listings, let Jobify analyze your CV and show you only the opportunities that are genuinely worth your time, drawn from the largest job database in Israel.
Use is free, at no cost and without limit.
About CYBERcom
CYBERcom is a premier cybersecurity integrator and MSSP at the forefront of the Israeli tech ecosystem. We specialize in protecting high value, mission critical environments by leveraging the world’s most advanced security platforms. As a Palo Alto Networks specialized partner, we don’t just monitor alerts, we build the automation frameworks and detection logic that define the future of SOC operations.
We believe in empowering "Rising Stars". This role is designed for an ambitious professional with a strong technical foundation who is ready to transition into a master of the Cortex XSIAM platform.
About the Role
We are looking for an experienced Security SecOps Engineer with a passion for data-driven detection and automated response. This is a pivotal role focused on the full lifecycle of our Palo Alto Networks Cortex XSIAM platform. You will be the technical lead responsible for moving beyond traditional SIEM limitations, transforming raw logs into actionable intelligence, and architecting the "brain" of our Security Operations Center.
What You’ll Do
- Deployment & Onboarding: Lead the end-to-end configuration of XSIAM tenants. This includes deploying Broker VMs and collectors, onboarding log sources, and establishing seamless integrations with cloud providers (AWS/Azure/GCP) and SaaS applications.
- Incident & Alert Engineering: Architect and tune the alerting engine. You will develop custom Correlation Rules and BIOCs (Behavioral Indicators of Compromise), manage alert exclusion policies to reduce noise, and configure automated incident scoring and notification workflows.
- Advanced Data Management: Own the data pipeline. You will be responsible for data ingestion, log stitching, and creating custom parsing rules to ensure all telemetry is normalized and searchable.
- XQL Power-User: Serve as the internal expert for XQL (Cortex Query Language). You will write complex queries for proactive threat hunting, build advanced data visualizations, and develop custom dashboards that provide real-time visibility into client security postures.
Qualifications
- Experience: 3-5 years of hands-on experience in Security Engineering, SOC Tier 3, or Detection Engineering.
- Technical Expertise: Deep knowledge of Palo Alto Networks Cortex XSIAM or Cortex XDR is highly preferred; otherwise, strong proficiency in at least one rival ecosystem such as Splunk (SPL), CrowdStrike (Falcon Insight/LogScale), Microsoft Sentinel (KQL), or IBM QRadar. We value the ability to translate legacy SIEM logic into modern XSIAM automation.
- Query Languages: Expert-level ability to write complex queries (XQL, SQL, KQL, or SPL) to manipulate and analyze large datasets.
- Networking & Systems: Solid understanding of the TCP/IP stack, EDR/EPP architectures, and cloud security fundamentals.
- Certifications: Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA) or XSIAM-specific training is a major advantage.
🚀 Why You’ll Love It Here
- Work at the cutting edge of the "Automation-First" SOC movement.
- Direct mentorship from senior architects and trained experts.
- Exposure to dozens of different technology stacks and organizational cultures.
- A collaborative environment that values "thinking deep" and "moving fast."