1

Xsiam Jobs in Reston, VA (NOW HIRING)

SOAR Engineers

Washington, DC · Hybrid

$120K - $150K/yr

Proficiency in developing automation playbooks and integrating security platforms such as Splunk ES, XSIAM, or ServiceNow Security Operations * Strong hands-on skills in programming or scripting ...

Xsiam information

What are the key skills and qualifications needed to thrive as an XSIAM (Extended Security Intelligence & Automation Management) Specialist, and why are they important?

To thrive as an XSIAM Specialist, you need a deep understanding of cybersecurity principles, incident response, and threat intelligence, along with relevant IT or cybersecurity certifications. Familiarity with security information and event management (SIEM) platforms—especially Palo Alto Networks’ Cortex XSIAM—and scripting or automation tools is crucial. Strong analytical thinking, attention to detail, and effective communication skills set top performers apart in this field. These competencies are critical for proactively detecting threats, automating security workflows, and ensuring robust organizational defense.

What is an XSIAM specialist?

An XSIAM specialist is a cybersecurity professional who focuses on managing and optimizing the Extended Security Intelligence and Automation Management (XSIAM) platform, developed by Palo Alto Networks. XSIAM integrates security data, analytics, and automated response capabilities to help organizations detect, investigate, and respond to cybersecurity threats more effectively. Specialists in this field are skilled in configuring the platform, integrating various data sources, creating automation playbooks, and analyzing security events to reduce incident response times. They often work closely with security operations centers (SOCs) to enhance threat detection and streamline security operations.

How does an XSIAM (Extended Security Intelligence and Automation Management) specialist typically collaborate with other teams within an organization?

An XSIAM specialist works closely with IT, security operations, and incident response teams to integrate and automate security workflows. Collaboration often involves coordinating with system administrators to implement automated threat detection and response, as well as working with security analysts to refine detection rules and improve incident investigation processes. Regular communication and cross-functional meetings are common to ensure that the XSIAM platform aligns with organizational security objectives and adapts to evolving threats.
What job categories do people searching Xsiam jobs in Reston, VA look for? The top searched job categories for Xsiam jobs in Reston, VA are:
What cities near Reston, VA are hiring for Xsiam jobs? Cities near Reston, VA with the most Xsiam job openings:

Cortex XSIAM Security Engineer

CELESTIAL INNOVATIONS GROUP LLC

Washington, DC • On-site

$120K - $150K/yr

Full-time

Medical, Dental, Vision, Retirement, PTO

Re-posted 28 days ago


Job description

Benefits:
  • 401(k)
  • Competitive salary
  • Dental insurance
  • Health insurance
  • Paid time off
  • Vision insurance

Position Summary
Celestial Innovations Group (CIG) is seeking a skilled Cortex XSIAM Security Engineer to deploy, configure, and operationalize Palo Alto Networks Cortex XSIAM for federal and enterprise clients. This role is at the center of CIG's AI-driven Security Operations practice, enabling clients to modernize their SOC by consolidating SIEM, XDR, SOAR, UEBA, ASM, and TIP capabilities into a single, converged platform.
The Cortex XSIAM Engineer will serve as a subject-matter expert (SME) throughout the full platform lifecycle: from requirements gathering and architecture design through deployment, integration, and continuous optimization — driving measurable improvements in threat detection and incident response times for our government and commercial clients.
Must be located in the DC Metro Area as this role requires onsite and remote support. 

Key Responsibilities
Platform Deployment & Integration
  • Lead end-to-end deployment of Cortex XSIAM for federal and enterprise clients, including data source onboarding, log ingestion, and normalization.
  • Integrate XSIAM with existing security ecosystem tools including firewalls, endpoints, cloud platforms, identity providers, and ticketing systems.
  • Configure data pipelines to ingest and normalize telemetry from diverse sources (endpoints, network, cloud, identity) into XSIAM's unified data model.
  • Migrate clients from legacy SIEM platforms to Cortex XSIAM, ensuring continuity of detection coverage and compliance reporting.
Detection Engineering & Analytics
  • Build and tune correlation rules, behavioral analytics, and ML-based detection models within XSIAM to reduce false positive rates and improve detection fidelity.
  • Develop and maintain XSIAM analytics leveraging XQL (Extended Query Language) to extract actionable insights from security telemetry.
  • Map detection content to MITRE ATT&CK framework, ensuring coverage across all relevant tactics, techniques, and procedures (TTPs).
  • Configure AI SmartScoring and technique-based incident grouping to reduce alert fatigue and prioritize analyst workload effectively.
Automation & Playbook Development
  • Design, build, and maintain SOAR automation playbooks within XSIAM to automate triage, enrichment, and remediation workflows.
  • Leverage Cortex Marketplace content packs and develop custom integrations as needed to support client-specific security processes.
  • Implement dev/prod playbook lifecycle management to ensure safe testing and controlled promotion of automation content.
  • Continuously improve automation coverage, targeting measurable reductions in manual analyst workload.
Incident Response & Threat Management
  • Serve as escalation point for complex incident investigations, using XSIAM causality chains and full attack-story visualizations to support rapid remediation.
  • Coordinate with client SOC teams during active incidents, leveraging XSIAM's embedded automation and enrichment capabilities.
  • Support Attack Surface Management (ASM) functions to proactively identify and remediate client exposure.
  • Utilize integrated Threat Intelligence Platform (TIP) capabilities, including Unit 42 threat feeds, to enrich alerts and inform response priorities.
Client Engagement & Advisory
  • Serve as a trusted technical advisor to federal and commercial clients on XSIAM capabilities, roadmap, and SOC modernization strategy.
  • Produce SOC performance dashboards, compliance reports, and executive summaries within XSIAM to support client governance requirements.
  • Conduct training and knowledge transfer sessions to build client SOC team proficiency on the XSIAM platform.
  • Support CIG business development efforts by contributing to proposals, demos, and technical capability briefings for prospective clients.

Required Qualifications
  • 3+ years of hands-on experience with Palo Alto Networks Cortex XDR or Cortex XSIAM in an enterprise or federal environment.
  • Demonstrated experience deploying or administering SIEM platforms (Splunk, Microsoft Sentinel, IBM QRadar, or equivalent).
  • Proficiency with XQL or comparable query languages for log analysis and threat hunting.
  • Working knowledge of SOAR concepts and experience building security automation playbooks.
  • Understanding of EDR, NDR, and UEBA technologies and how they feed into a converged SOC platform.
  • Familiarity with MITRE ATT&CK framework and its application to detection engineering.
  • Active Secret clearance (minimum); TS/SCI preferred for federal engagements.
  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related field, OR equivalent professional experience.

Preferred Qualifications
  • Palo Alto Networks Certified Security Automation Engineer (PCSAE) or Cortex XSIAM-specific certification.
  • Experience with federal compliance frameworks including NIST SP 800-53, RMF, DISA STIGs, and CDM program requirements.
  • Familiarity with Zero Trust Architecture principles (NIST SP 800-207, CISA ZT Maturity Model) and how XSIAM supports ZTA adoption.
  • Experience integrating Cortex XSIAM with Palo Alto Networks NGFW, Prisma Cloud, or Zscaler platforms.
  • Knowledge of cloud security telemetry sources (AWS, Azure, GCP) and their ingestion into XSIAM.
  • Exposure to Python or JavaScript for custom XSIAM integration development or automation scripting.
  • Prior experience supporting federal SOC operations or DHS CDM program environments.
  • CISSP, CEH, CompTIA Security+, or equivalent security certification.

Technical Skills & Tools
SOC Platforms
  • Cortex XSIAM / XDR
  • Cortex XSOAR
  • SIEM platforms
  • XQL query language
  • EDR / NDR / UEBA
Security Frameworks
  • MITRE ATT&CK
  • NIST SP 800-53 / RMF
  • NIST SP 800-207 (Zero Trust Architecture)
  • CISA Zero Trust Maturity Model
  • DISA STIGs
Integrations & Tools
  • Palo Alto NGFW / Prisma
  • Zscaler ZIA / ZPA
  • Microsoft Sentinel / Azure
  • ServiceNow / Ticketing systems
  • AWS / Azure / GCP

Flexible work from home options available.