Location: Tulsa, Oklahoma
Job Description
Position: Security Operations EngineerPosition Type: Direct hire
Location: Remote
Position Summary
Our client is seeking a Security Operations Engineer to design, deploy, and operationalize Cortex XSIAM as the foundational platform that powers our Aegis Managed Detection & Response (MDR) practice.
This is not a traditional SOC analyst or incident responder role. Instead, this position is focused on engineering the security operations platforms that our customers and partners rely on. This includes building the telemetry pipelines, detections, automations, and integrations required for a modern, scalable MDR service or successful customer SOC buildout.
You will work closely with company engineering, customer stakeholders, and be a part of the SOC. This role’s primary responsibility is to ensure Cortex XSIAM is implemented in a way that enables high-fidelity detection, efficient response, and long-term operational success.
Existing experience using Cortex is preferred however training is provided and is mandatory.
Cortex XSIAM Deployment & Engineering
- Lead end-to-end deployment and implementation of Cortex XSIAM in customer environments.
- Design and implement:
- Log ingestion pipelines
- Data normalization and parsing
- Entity modeling and asset context
- Ensure Cortex XSIAM is fully operational and aligned with Aegis MDR requirements
- Integrate Cortex XSIAM with:
- Endpoint, network, identity, cloud, and SaaS data sources
- Third-party security and IT systems
- Validate telemetry coverage and data quality across customer environments
- Deploy and tune:
- Correlation rules
- Analytics
- Out-of-the-box and custom detections
- Implement and customize SOAR-based automations and playbooks to support MDR workflows
- Optimize signal quality to reduce noise and improve detection fidelity
- Ensure Cortex XSIAM deployments meet the operational needs of company’s SOC
- Collaborate with SOC analysts to:
- Validate detections
- Improve investigation workflows
- Enable effective response actions
- Support go-live readiness and transition to steady-state MDR operations
- Standardize deployment patterns and implementation best practices
- Contribute to internal documentation, runbooks, and reference architectures
- Identify opportunities to improve scalability, efficiency, and automation across customer deployments
Required
- 2+ years of experience in security operations engineering or similar roles.
- Hands-on experience deploying and engineering SIEM/XDR platforms.
- Experience integrating diverse data sources such as:
- EDR/XDR
- Firewalls and network devices
- Identity providers
- Cloud platforms
- Strong understanding of:
- SOC architectures
- Detection engineering concepts
- Security telemetry and logging pipelines
- Strong written and verbal communication skills
- Experience with Cortex XSIAM and/or Cortex XSOAR (Demisto)
- Experience with any other SOAR platforms (CrowdStrike Fusion SOAR, IBM QRadar SOAR, SentinelOne Singularity automation, etc.)
- Scripting or automation skills (Python, PowerShell, Bash)
- Cloud security and logging experience (AWS, Azure, GCP)
- Palo Alto Networks certifications (PCNSE, PCSAE) or equivalent security certifications
Apply online at ArchonResources.com.
TULIT