Palo Alto XSIAM Detection Engineer (XQL & SOAR Automation)
Astra North Infoteck Inc.
- Calgary, AB
- Permanent
- Full-time
Skills: Cyber Security, Palo Alto
Experience Required: 8-10 years

Role Description:
- Detection engineering in XQL (Cortex XDR/XSIAM): rule authoring, hunting, aggregations, and joins.
- Playbook design: branching logic, approvals, SLAs, human-in-the-loop.
- SOAR automation patterns: enrichment, containment, notification, ticketing, evidence handling.
- Palo Alto Networks XSIAM/XDR/XSOAR: XQL query authoring, tuning, and performance optimization.
- Workflow integration with SIEM/SOAR and ticketing (SNOW/Jira).
- Design, build, and optimize security detection rules using XQL queries within XSIAM to identify threats and anomalous behavior.
- Develop and maintain correlation rules, behavior analytics, and signature-based detections to improve detection accuracy and reduce false positives.
- Build, manage, and maintain custom collectors, parsers, and data ingestion pipelines for multiple security data sources.
- Develop and enhance automated response playbooks using XSIAM's native automation engine to support incident triage and response.
- Convert manual incident response runbooks into fully automated XSOAR playbooks, improving response efficiency and consistency.
- Research, evaluate, and assess XSIAM AI agents, identifying opportunities for adoption and defining how the team can leverage them effectively.
- Respond to and fulfill XSIAM data requests, including queries, reports, dashboards, and ad hoc security analytics.
- Maintain and update CMDB records and ServiceNow (SNOW) forms, ensuring accurate asset data, workflows, and integration with security processes.