Role: XDR Threat Engineer/Consultant
*** CONSULTANT CAN WORK 2 JOBS *** 100% Remote
** PART TIME - ADDITIONAL WORK **
Duration: 100 hrs over 90 days (10 hrs a week)
Overview:
The EDR Threat Consultant will have experience in deploying and configuring Palo Alto Networks Cortex XDR and a proven track record in architecting and optimizing the solution, including managing and responding to alerts. The candidate should possess broad-based and in-depth knowledge of endpoint technologies and concepts, along with complex security technologies, tools and methodologies.
Requirements:
- Should have 2+ yrs prior experience designing & architecting Cortex XDR solutions tailored to the client's environment and security needs, such as:
  - Develop high-level and detailed solution blueprints, ensuring scalability and effectiveness.
  - Collaborate with stakeholders to define project requirements and deliverables.
- Should have 2+ yrs prior experience deploying & integrating Cortex XDR in diverse environments, including on-premises, cloud, and hybrid setups.
- Integrating Cortex XDR with existing security tools, SIEM platforms, and infrastructure, such as:
  - Onboard and configure new log sources, ensuring compatibility and optimal data ingestion.
- Should have prior experience implementing custom detection rules, alerts, and response workflows aligned with client requirements, such as:
  - Develop advanced use cases to address specific threats and business risks.
  - Continuously refine and optimize use cases based on threat landscape changes and client feedback.
- Should have prior experience monitoring & optimizing Cortex XDR performance to ensure high availability and efficiency, such as conducting periodic health checks, fine-tuning, and system updates.
- Should have prior experience providing training to client teams on Cortex XDR features, configurations, and operations, inclusive of creating comprehensive documentation, including architecture diagrams, deployment guides, and operational procedures.
- Proficiency in creating and optimizing detection rules, playbooks, and response workflows.
- Strong knowledge of cybersecurity principles, EDR/XDR platforms, and endpoint security.
- Familiarity with SIEM tools (e.g., Splunk, Sentinel) and threat intelligence platforms.
- One or more certifications in Security/Networking including Security+, GSEC, GCIA, GCIH, CISSP, CISM, CISA, or other security-specific vendors/product certifications.
- Strong written and verbal communication skills, with an ability to present technical risks and issues to technical and non-technical audiences internal and external to the organization.