Note: The job is a remote job and is open to candidates in USA. Trantor Inc. is a global technology services and consulting company headquartered in Palo Alto, California, specializing in cybersecurity and data solutions. They are seeking a Senior Professional Services Consultant to lead enterprise Security Operations implementations, working closely with customers to design and operationalize advanced security platforms.
Responsibilities
- Serve as a trusted technical advisor throughout customer engagements
- Conduct discovery, design, implementation and knowledge transfer workshops, technical assessments, and architecture sessions to understand customer requirements and define implementation roadmaps
- Assess existing SOC processes and recommend improvements to detection, automation, and incident response workflows
- Provide strategic guidance on Security Operations transformation, platform adoption, and operational best practices
- Present technical solutions, implementation progress, and recommendations to engineering teams, project stakeholders, and executive leadership
- Design and implement enterprise log ingestion strategies across endpoint, network, cloud, identity, SaaS, and infrastructure environments
- Deploy, configure, and optimize Cortex XSIAM
- Onboard, validate, normalize, and optimize enterprise log sources
- Develop and tune XQL-based correlation rules, analytics, BIOCs, IOCs, and detection content
- Design scalable detection strategies aligned with customer use cases and the MITRE ATT&CK framework
- Develop and maintain parsers, field mappings, normalization logic, and data models
- Monitor ingestion health, event quality, parser performance, and detection effectiveness
- Perform proactive threat hunting using endpoint, network, identity, and cloud telemetry to validate detections and improve security coverage
- Design, develop, deploy, and operationalize Cortex XSOAR solutions
- Design, develop, test, deploy and maintain production-grade playbooks, automations, integrations, custom scripts, and Content Packs
- Build custom integrations using Python, REST APIs, JSON, XML, OAuth, and webhooks
- Integrate Cortex XSOAR with SIEM, EDR/XDR, IAM, cloud platforms, ticketing systems, threat intelligence platforms, email security, and third-party security solutions
- Configure Cortex Marketplace integrations and reusable automation assets
- Bridge SIEM detections with automated response workflows to reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR)
- Leverage Cortex XSIAM native AI capabilities and agentic automation to accelerate detection, investigation, and response workflows where applicable
- Develop, troubleshoot, and optimize advanced Regular Expressions (Regex) for: Log parsing, Field extraction, Data normalization, Parser development, Validation, Detection content, Data transformation
- Deploy, configure, and troubleshoot Linux-based infrastructure supporting XSIAM and XSOAR implementations
- Use Linux administration tools including SSH, grep, awk, sed, journalctl, systemctl, Bash scripting, cron, and log analysis to diagnose platform issues
- Troubleshoot log collectors, forwarders, agents, and platform services
- Apply networking fundamentals, including TCP/IP, DNS, Syslog, HTTP/HTTPS, SSL/TLS, firewall policies, proxy configurations, VPNs, routing, and packet capture (Wireshark/tcpdump), to resolve deployment and connectivity issues
- Diagnose and resolve log ingestion failures, parser issues, field mapping problems, and normalization errors
- Troubleshoot failed XSOAR playbooks, integrations, automation workflows, API authentication issues, and content pack deployments
- Investigate platform performance bottlenecks, event processing delays, and integration failures
- Collaborate with internal engineering teams and customer stakeholders to resolve complex deployment challenges and optimize platform performance
- Perform root cause analysis (RCA) and recommend permanent corrective actions for recurring platform issues
- Produce High-Level Designs (HLDs), Low-Level Designs (LLDs), architecture diagrams, implementation guides, as-built documentation, operational runbooks, parser documentation, and playbook documentation
- Conduct administrator training, operational handover sessions, and knowledge transfer workshops
- Enable SOC analysts and platform administrators to effectively operate and maintain deployed solutions
- Mentor junior consultants and engineers on implementation methodologies and best practices
- Contribute reusable automation assets, integration frameworks, and implementation standards
- Review technical deliverables to ensure quality and consistency across Professional Services engagements
Skills
- 5–10 years of hands-on experience implementing enterprise SIEM and SOAR platforms
- Hands-on experience deploying Cortex XSIAM
- Mandatory hands-on experience with Cortex XSOAR, including playbooks, automations, integrations, Content Packs, and custom scripting
- Strong expertise in XQL for querying, detection engineering, analytics, and threat hunting
- Expert-level Regular Expression (Regex) skills with experience developing complex parsers and normalization logic
- Strong understanding of enterprise log ingestion, parsing, normalization, correlation, and SIEM data models
- Experience onboarding endpoint, network, identity, cloud, and SaaS log sources
- Strong Linux/Unix administration skills, including SSH, Bash scripting, grep, awk, sed, journalctl, systemctl, cron, and system log analysis
- Strong networking fundamentals, including TCP/IP, DNS, Syslog, firewalls, proxies, VPNs, SSL/TLS, routing, and packet capture analysis
- Strong Python scripting skills for automation and integration development
- Experience developing REST API integrations using OAuth, JSON, XML, and webhooks
- Proven troubleshooting experience across SIEM and SOAR deployments, including log ingestion failures, parser issues, API authentication problems, automation failures, integration issues, and platform performance optimization
- Experience with detection engineering, threat hunting, SOC operations, and incident response
- Strong understanding of MITRE ATT&CK, NIST Cybersecurity Framework, CIS Controls, and Zero Trust principles
- Ability to read and create technical architecture and design documentation
- Excellent communication, presentation, and customer-facing consulting skills
- Experience migrating from Splunk, IBM QRadar, Microsoft Sentinel, Chronicle, ArcSight, or other SIEM platforms to Cortex XSIAM
- Experience integrating ServiceNow, Jira, EDR/XDR, IAM, Threat Intelligence Platforms (TIPs), vulnerability management solutions, email security platforms, and cloud security services
- Experience with AWS, Microsoft Azure, Google Cloud Platform (GCP), Microsoft 365, Okta, and Microsoft Entra ID
- Experience working in enterprise Professional Services or consulting organizations
- Experience mentoring technical teams or leading implementation workstreams
- Palo Alto Networks Certified Security Automation Engineer (PCSAE)
- Palo Alto Networks XSIAM Analyst
- CISSP
- CISM
- GIAC (GCIA, GCIH, GSOM, or equivalent)
- Security+
- Linux+ or equivalent Linux certification
- Cloud certifications (AWS, Azure, or GCP)
Company Overview
Company H1B Sponsorship