Cortex XSIAM Engineer

• Proven expertise in onboarding log sources and integrating them into Cortex XSIAM using Broker VMs, XDR Collectors, and custom ingestion methods.

• Proficient in developing and managing XSIAM Data Models, including field mapping, enrichment, normalization, and schema standardization across multiple data sources.

• Strong experience crafting and optimizing detection logic using XQL (XSIAM Query Language) to build high-fidelity correlation rules, dashboards, and proactive threat hunting queries.

• Solid understanding of Palo Alto XDR endpoint integration, sensor health monitoring, and policy tuning for enhanced endpoint visibility.

• Experienced in event collection strategy, log onboarding, log tuning, and normalization to ensure high-quality and actionable data within the XSIAM platform.

• Demonstrated ability to translate security monitoring requirements into use cases and actionable detection content, aligned with MITRE ATT&CK and industry best practices.

• Familiarity with broader SIEM technologies (e.g., Splunk, IBM QRadar) and how they compare/contrast with Cortex XSIAM architecture and capabilities.

• Strong grasp of security operations workflows, alert triage, threat detection, incident response, and automation within XSIAM.

• Hands-on experience creating and managing security dashboards and visualizations to provide meaningful insights for SOC teams and leadership.

• Expertise in Regular Expressions (Regex), JSON parsing, and log analysis to derive context-rich detection strategies.

• Working knowledge of generating performance and health reports across log source status, ingestion rates, data pipeline performance, and detection coverage.

• Relevant certifications (e.g., Palo Alto Networks Certified XSIAM Engineer or XSIAM Analyst or XSIAM EDU-270). Bachelor's degree in computer science, Information Security, or related field is a plus.

Activities / Responsibilities - Cortex XSIAM

• Collaborate with technical leads and stakeholders to define and execute a robust log ingestion strategy for Cortex XSIAM using Broker VMs and Collectors.

• Serve as both a Security Analyst and SIEM Engineer, owning end-to-end workflows from data onboarding to detection content development and incident response support.

• Design and implement XQL-based correlation rules to detect and alert on suspicious behavior across endpoint, network, and cloud environments.

• Create, tune, and manage data models to normalize and enrich telemetry data in alignment with Cortex XSIAM's schema requirements.

• Build operational dashboards using XQL that provide actionable insights into threat posture, detection efficacy, and log source coverage.

• Act as SME for XSIAM log ingestion processes, correlation logic, alert tuning, and detection strategy development.

• Engage directly with end customers to assess their environment, identify visibility gaps, and provide strategic recommendations for log onboarding and threat coverage.

Do

• Ensuring customer centricity by providing apt cybersecurity
• Monitoring and safeguarding the log sources and security access
• Planning for disaster recovery in the event of any security breaches
• Monitor for attacks, intrusions and unusual, unauthorized or illegal activity
• Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems
• Conduct security assessments, risk analysis and root cause analysis of security incidents
• Handling incidents escalated by the L1 team in 24x7 rotational shifts
• Use advanced analytics tools to determine emerging threat patterns and vulnerabilities
• Completing all tactical security operations tasks associated with this engagement.
• Analyses all the attacks and come up with remedial attack analysis
• Conduct detailed analysis of incidents and create reports and dashboards
• Stakeholder coordination & audit assistance
• Liaise with stakeholders in relation to cyber security issues and provide future recommendations
• Maintain an information security risk register and assist with internal and external audits relating to information security
• Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues
• Advice and guidance to employees on issues such as spam and unwanted or malicious emails

Deliver

No.

Performance Parameter

Measure

1.

Customer centricity

Timely security breach solutioning to end users, Internal stakeholders & external customers experience

2.

Process Adherence

Adherence to SLAà ¢Ã,€Ã,™s (90-95%), response time and resolution time TAT

Mandatory Skills: Cloud Security Posture Management .

Experience: 5-8 Years .

The expected compensation for this role ranges from $60,000 to $135,000 .

Final compensation will depend on various factors, including your geographical location, minimum wage obligations, skills, and relevant experience. Based on the position, the role is also eligible for Wipro's standard benefits including a full range of medical and dental benefits options, disability insurance, paid time off (inclusive of sick leave), other paid and unpaid leave options.

Applicants are advised that employment in some roles may be conditioned on successful completion of a post-offer drug screening, subject to applicable state law.

Wipro provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. Applications from veterans and people with disabilities are explicitly welcome.

Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention.

Client-provided location(s): Douglasville, GA

Job ID: Wipro-144833

Employment Type: FULL_TIME

Posted: 2026-03-10T19:04:17