Security

Job Description

Role: XDR Threat Engineer/Consultant

*** CONSULTANT CAN WORK 2 JOBS *** 100% Remote
** PART TIME - ADDITIONAL WORK **

Duration: 100 hrs over 90 days - 10 hrs a week

Overview:
The EDR Threat Consultant will have experience in deploying and configuring Palo Alto Networks Cortex XDR and a proven track record in architecting and optimizing the solution, including managing and responding to alerts. The candidate should possess broad and in-depth knowledge of endpoint technologies and concepts, along with complex security technologies, tools and methodologies.

Requirements:

  1. Should have 2+ yrs prior experience designing and architecting Cortex XDR solutions tailored to the client's environment and security needs, such as:
    • Develop high-level and detailed solution blueprints, ensuring scalability and effectiveness
    • Collaborate with stakeholders to define project requirements and deliverables.
  2. Should have 2+ yrs prior experience deploying and integrating Cortex XDR in diverse environments, including on-premises, cloud, and hybrid setups.
  3. Should have prior experience integrating Cortex XDR with existing security tools, SIEM platforms, and infrastructure, such as:
    • Onboard and configure new log sources, ensuring compatibility and optimal data ingestion.
  4. Should have prior experience implementing custom detection rules, alerts, and response workflows aligned with client requirements, such as:
    • Develop advanced use cases to address specific threats and business risks
    • Continuously refine and optimize use cases based on threat landscape changes and client feedback.
  5. Should have prior experience monitoring and optimizing Cortex XDR performance to ensure high availability and efficiency, such as conducting periodic health checks, fine-tuning, and system updates.
  6. Should have prior experience providing training to client teams on Cortex XDR features, configurations, and operations, including creating comprehensive documentation such as architecture diagrams, deployment guides, and operational procedures.
    • Proficiency in creating and optimizing detection rules, playbooks, and response workflows.
  7. Strong knowledge of cybersecurity principles, EDR/XDR platforms, and endpoint security.
  8. Familiarity with SIEM tools (e.g., Splunk, Sentinel) and threat intelligence platforms.
  9. One or more certifications in Security/Networking including Security+, GSEC, GCIA, GCIH, CISSP, CISM, CISA, or other security-specific vendors/product certifications.
  10. Strong written and verbal communication skills, with the ability to present technical risks and issues to technical and non-technical audiences internal and external to the organization.