Cortex XDR Consultant (Senior) (m/f/d)

Contract
Riyadh, Saudi Arabia
13.04.2026

Role Overview
We are seeking a Cortex XDR Consultant with strong experience in endpoint detection and response, security monitoring, and incident response. The ideal candidate will have hands-on expertise with Palo Alto Networks Cortex XDR and a solid background in SIEM technologies, preferably within a SOC or Incident Response environment. This role involves designing, implementing, tuning, and operationalizing detection and response capabilities to enhance an organization’s security posture.
Key Responsibilities
Cortex XDR & Detection Engineering

  • Deploy, configure, and manage Palo Alto Networks Cortex XDR in enterprise environments
  • Develop, customize, and tune XDR detection rules, alerts, and correlation logic
  • Optimize endpoint visibility across Windows, Linux, and macOS environments
  • Perform threat hunting using Cortex XDR analytics, behavioral indicators, and telemetry
  • Integrate Cortex XDR with other security tools (firewalls, identity platforms, TI feeds)

Incident Response & SOC Support

  • Act as a subject-matter expert during security incidents, including malware, ransomware, lateral movement, and insider threats
  • Lead or support incident investigation, triage, containment, and remediation
  • Provide guidance on playbooks, SOAR workflows, and response automation
  • Support SOC maturity initiatives (alert reduction, detection quality, response time)

SIEM & Security Monitoring

  • Integrate Cortex XDR with SIEM platforms (e.g., Splunk, Sentinel, QRadar, Elastic)
  • Develop and tune SIEM use cases aligned to MITRE ATT&CK
  • Correlate endpoint telemetry with network, cloud, and identity logs
  • Assist with log onboarding, normalization, and enrichment

Advisory & Consulting

  • Conduct security assessments and XDR readiness reviews
  • Provide best-practice recommendations for SOC operations and tooling
  • Deliver documentation, operational handover, and knowledge transfer
  • Support customers during POCs, audits, and threat simulations

Required Technical Skills
Endpoint & XDR

  • Hands-on experience with Palo Alto Networks Cortex XDR
  • Strong understanding of:
    • Endpoint telemetry (process, registry, network, file system)
    • Behavioral detection and anomaly-based analytics
    • MITRE ATT&CK framework

Incident Response & Threats

  • Proven experience in SOC or Incident Response
  • Strong knowledge of:
    • Malware analysis fundamentals
    • Attack lifecycle and kill chain
    • Digital forensics basics (endpoint-focused)
  • Ability to interpret indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs)

SIEM & Log Analytics

  • Experience with at least one SIEM platform (background in any SIEM is acceptable)
  • Log analysis and correlation across multiple data sources
  • Strong querying skills (KQL, SPL, Lucene, or similar)

Platforms & Scripting

  • Operating systems: Windows, Linux, macOS
  • Basic scripting and automation skills:
    • Python, PowerShell, or Bash
  • Familiarity with APIs and security integrations

Required & Preferred Certifications
Required / Highly Preferred

  • Palo Alto Networks Certified Cortex XDR Analyst
  • Palo Alto Networks Certified Cortex XDR Engineer

Additional Relevant Certifications (Any Background)

  • SIEM-related certifications (e.g., Splunk, Microsoft Sentinel, Elastic, QRadar)
  • Incident response certifications:
    • GIAC (GCIH, GCED, GCIA)
    • Blue Team Level 1 or 2 (BTL1/BTL2)
    • EC-Council (CHFI, CEH – operational focus preferred)
  • Security foundations:
    • CISSP, CISM, or Security+
