Title: SOC Analyst
Location: New York, NY 10004 (hybrid)
Duration: Full-time with Apexon (W2)
Interview: 3 rounds of interviews, including management and technical. 40 hrs/week.
Required Skills:
- 10+ years in SOC roles (analyst/engineer/architect/consultant).
- Proven deployment/operations of XSIAM (or Cortex XDR/XSOAR in an XSIAM context).
- QRadar expertise (rules, log sources/flows, reference sets, AQL).
- CP4S SOAR/case management experience; ability to translate workflows cross-platform.
- Participation in at least one enterprise-scale SIEM/SOAR migration.
- XQL proficiency; detection rule development.
- SIEM normalization, onboarding, and field mapping.
- SOAR playbook design and workflow automation.
- MITRE ATT&CK-based detection engineering and gap analysis.
- Telemetry across cloud, endpoint, network, and identity.
- Scripting for integrations/automation (Python, JavaScript, or similar).
- Strong SOC operations knowledge (triage, hunting, IR, shift handover, tuning/FP reduction, threat intel operationalization).
Preferred:
- Palo Alto certs (PCCSA/PCNSA/XSIAM/XSOAR training).
- QRadar certification (or equivalent depth).
- Regulated industry experience (FSI, government, healthcare).
- Logging/data pipeline familiarity (Syslog-ng, Kafka, Cribl, etc.).
- Purple team or detection-as-code background.
Responsibilities:
- As a Senior Security Operations Platform Engineer, you will partner with SOC leadership, engineering, and stakeholders to ensure the migration is not a tool swap, but a measurable uplift in detection, response, and operational maturity.
Key Responsibilities:
SOC Process Transformation:
- Assess current triage, escalation, SLAs, and operating rhythms.
- Redesign workflows to align with XSIAM (correlation, automated triage, AI-driven prioritization).
- Build/implement incident response playbooks and automation rules in XSIAM.
- Define KPIs, metrics, and dashboards to improve SOC visibility and performance.
Platform Migration & Deployment:
- Lead end-to-end migration of SIEM/SOAR capabilities from QRadar/CP4S to XSIAM.
- Inventory and translate CP4S playbooks/runbooks into XSIAM automations.
- Establish content lifecycle management for multi-tenancy, tuning, and optimization.
- Define common workflows (incident/shift management, automation development, knowledge management).
- Ensure alert fidelity, data integrity, and coverage continuity through cutover.
Modern SOC Architecture & Advisory:
- Advise on next-gen SOC design across people, process, technology, and governance.
- Close detection gaps using XSIAM’s unified data model, UEBA, threat intel, and attack surface management.
- Recommend SOC structure (tiering), automation-first strategies, and response patterns.
- Mentor/upskill staff on XSIAM operations, XQL, and platform-native automation.
Stakeholder Engagement & Documentation:
- Produce migration plans, technical designs, runbooks, and post-implementation reporting.
- Provide regular updates on progress, risks, and recommendations to senior leadership.
- Coordinate with Palo Alto professional services and internal engineering as needed.
Expected Deliverable(s):
- Log source parsers and data normalization.
- Log pipeline implementation.
- SOC analyst workflows and automations.
- Cybersecurity use-case detections and tuning.