Palo Alto XSIAM Security Engineer

Remote
Toronto, Ontario, Canada
Senior Level
CONTRACTOR

About the role

Location: Remote
Employment Type: Contract

ABOUT TELENCE SOLUTIONS

Telence Solutions is a multi-vendor technology services company headquartered in Ajax, Ontario, Canada, with operations across North America and EMEA. We deliver end-to-end design, migration, and managed services across optical networking, IP routing, security, and AI-driven network operations. Our team of certified engineers partners with carriers, enterprises, and system integrators to solve complex network and security challenges. As we grow our Security Operations practice, we are looking for a deeply experienced Palo Alto Cortex XSIAM Engineer to join our team and lead XSIAM deployments, integrations, and SOC transformation engagements for our clients.

ROLE OVERVIEW

The Palo Alto XSIAM Security Engineer will serve as Telence's subject matter expert for Cortex XSIAM deployments. You will lead the design, deployment, data onboarding, playbook development, and ongoing optimisation of Cortex XSIAM environments for enterprise and carrier customers. You will work closely with clients’ SOC teams, providing hands-on engineering, threat detection tuning, and automation development across multi-vendor security environments. This is a highly technical, client-facing role. You will be expected to lead discovery workshops, architecture reviews, and operational handovers, as well as act as an escalation point for complex XSIAM issues across Telence’s customer base.

KEY RESPONSIBILITIES

XSIAM Deployment & Configuration

  • Lead end-to-end deployment and configuration of Cortex XSIAM for enterprise and service provider environments
  • Design and implement data ingestion pipelines, connecting multi-vendor log sources, SIEM feeds, and third-party security tools
  • Configure and optimise XSIAM parsers, normalisation rules, and correlation models across diverse data sources
  • Manage XSIAM tenant administration, role-based access control (RBAC), and integration with identity providers

Threat Detection & Analytics

  • Develop and tune detection rules, BIOC (Behavioural Indicators of Compromise) alerts, and correlation queries
  • Build and maintain threat intelligence integrations within XSIAM, including IOC feeds and MITRE ATT&CK mappings
  • Conduct threat hunting using XSIAM’s XQL query language and graph-based investigation capabilities
  • Identify detection gaps and continuously improve SOC signal quality to reduce false positives and alert fatigue

Automation & Playbook Development

  • Design, build, and maintain automated response playbooks within XSIAM’s SOAR engine
  • Integrate XSIAM with ticketing, collaboration, and case management platforms (e.g. ServiceNow, Jira, PagerDuty)
  • Develop custom scripts and integrations using Python to extend XSIAM automation capabilities
  • Document playbook logic, automation workflows, and integration architectures for handover to client SOC teams

Incident Response & SOC Operations

  • Lead and support incident investigation and response workflows within XSIAM environments
  • Perform root cause analysis on security incidents and deliver post-incident reports with remediation recommendations
  • Define and implement SOC operational procedures, runbooks, and escalation workflows
  • Support clients through security audits, vulnerability assessments, and compliance reporting using XSIAM

Client Engagement & Consulting

  • Lead client discovery sessions, architecture workshops, and technical presentations on XSIAM capabilities
  • Provide guidance on SOC modernisation strategy, including migration from legacy SIEM platforms to XSIAM
  • Act as the escalation engineer for XSIAM-related issues across Telence’s customer accounts
  • Mentor junior security engineers and share knowledge across the Telence security practice

REQUIRED QUALIFICATIONS

Experience

  • 7+ years of hands-on experience in cybersecurity, security operations, or SOC engineering
  • 3+ years of direct experience deploying, configuring, and operating Palo Alto Networks Cortex XSIAM or Cortex XDR in enterprise environments
  • Proven track record delivering XSIAM implementations, including data onboarding, parser development, and playbook automation
  • Experience managing and tuning detection rules, BIOC alerts, and XQL-based threat hunts in production environments
  • Hands-on experience with SOAR automation: playbook design, integration development, and incident workflow orchestration
  • Background in at least one adjacent security discipline: network security (NGFW/Panorama), endpoint detection (EDR), cloud security (Prisma Cloud), or identity security

Certifications (Required or Strongly Preferred)

  • Palo Alto Networks XSIAM Engineer certification (Specialist level, Security Operations track)
  • Palo Alto Networks XSIAM Analyst certification
  • Security Operations Professional (Palo Alto Networks) or equivalent Cortex platform credential
  • Additional Palo Alto certifications such as NGFW Engineer or Network Security Professional are a strong plus
  • Industry certifications valued: CISSP, CISM, CEH, CompTIA Security+, or GIAC (GSOM, GCIH, GCIA)

Technical Skills

  • Cortex XSIAM: data onboarding, parser configuration, BIOC/correlation rules, XQL, case management
  • Cortex XDR: endpoint protection policy, prevention profiles, and investigation workflows
  • Palo Alto NGFW / PAN-OS: security policy, App-ID, User-ID, SSL decryption, Panorama
  • SIEM/SOAR platforms: experience migrating from or integrating with Splunk, Microsoft Sentinel, IBM QRadar, or similar
  • Networking fundamentals: TCP/IP, routing protocols, firewall policy, VPN, and segmentation
  • Scripting & automation: Python (required), with familiarity in REST APIs, JSON, and YAML
  • Cloud environments: AWS, Azure, or GCP security posture and log integration with XSIAM
  • MITRE ATT&CK framework: mapping detections, threat modelling, and adversary emulation
  • Log sources & data onboarding: Syslog, CEF, LEEF, Windows Event Logs, cloud-native logs

PREFERRED QUALIFICATIONS

  • Experience working in a managed security services provider (MSSP) or professional services environment
  • Familiarity with Palo Alto Prisma Access, Prisma Cloud, or Cortex XSOAR (in addition to XSIAM)
  • Exposure to telecommunications or carrier-grade network environments
  • Experience presenting to executive stakeholders and leading technical workshops with enterprise clients
  • Knowledge of regulatory frameworks: SOC 2, ISO 27001, NIST CSF, PCI-DSS, or HIPAA
  • Familiarity with Zero Trust architecture principles and implementation

About Telence Solutions

IT Services and IT Consulting
11-50 employees

Telence Solutions represents the convergence of speed, quality, technology, and innovation. With decades of experience in Network Architecture and comprehensive expertise in automation, security, digital transformation, and cloud computing, we serve as a strategic partner for organizations across diverse industries.

Our approach focuses on bridging technical gaps, eliminating operational barriers, optimizing costs, and mitigating risks. Supported by an exceptional team of technical experts holding certifications and premier industry recognition across eight leading vendors—Arista, AWS, Cisco, Juniper Networks, Microsoft, Nokia, Palo Alto, and Versa Networks—Telence Solutions maintains an unwavering commitment to innovation for every client we serve.

We deliver transformational outcomes through comprehensive expertise in security, cloud infrastructure, networking, and managed services, including network migration, data center operations, collaboration platforms, and advanced networking solutions. Our approach integrates strategic planning with precise execution to achieve measurable results, consistently placing our customers at the center of everything we do.

This commitment to excellence defines our operations every single day. For additional information, please visit www.TelenceSolutions.com.