NMI, or Network Merchants, LLC, is a leading global payment form and processes more than $180 billion in annual payments. The company facilitates payments for o
Information Security Engineer
Location
United Kingdom
Posted
50 days ago
Salary
EUR 50K - EUR 60K / year
Seniority
Senior
Job Description
Information Security Engineer
NMI - Network Merchants, LLC
We are seeking an Information Security Engineer to help drive enterprise-level information security initiatives and embed information security across our operations. In this role, you will design, implement, and maintain robust security infrastructure and controls to protect the organization's computer networks, systems, and data from cyber threats. You will build and manage security tools, conduct vulnerability assessments, and respond to security incidents. You will also advise the business on cyber security matters.

This is primarily a remote position, with occasional in-person responsibilities held at our Bristol, UK office.

The ideal candidate is an experienced security specialist who:
- Blends technical skills with business awareness
- Is comfortable working across multiple areas of security and excited to learn more
- Has some familiarity with compliance (PCI, GDPR) and protection (NIST and ISO 27001) frameworks
- Partners cross-functionally to drive security, automation, and continuous improvement
- Communicates effectively across technical and non-technical stakeholders
- Evangelizes a proactive security culture organization-wide

Key responsibilities:

System Design & Implementation:
- Design and deploy secure, scalable and reliable security tools

Monitoring & Threat Detection:
- Monitor systems for security incidents
- Analyze and troubleshoot alerts
- Tune alerting systems

Incident Response:
- Respond to security incidents
- Conduct investigations and coordinate cross-functional response
- Identify vulnerabilities and/or gaps in security posture
- Coordinate and track remediation of any issues identified

Vulnerability Management:
- Perform regular vulnerability assessments
- Identify and remediate weaknesses
- Implement and maintain controls aligned with internal standards

Penetration Testing:
- Coordinate the company’s penetration tests with internal and external stakeholders
- Identify, surface, and track issues with the relevant system owners

Automation & Scripting:
- Develop scripts to automate security tasks and improve efficiency
- Identify processes where automation can be leveraged to create efficiencies

Security Awareness & Training:
- Educate internal teams on security responsibilities, procedures, and controls
- Help select appropriate security training modules
- Track completion of training requirements

Cross-Functional Collaboration & Enablement:
- Contribute to creation and updates of security policies and procedures
- Engage with stakeholders across Engineering, Product, Legal, and HR to support security initiatives
- Support vendor risk and third-party security assessment activities

As well as being a part of something exciting every day, you will also receive the following benefits:
- Annual bonus scheme dependent on individual and company performance
- Annual salary of £50,000 - £60,000
- 25 days holiday each year (+ bank holidays + 1 day after each year of service with up to a max. of 30 days)
- Workplace pension scheme
- Private medical insurance (upon 30 days of employment)
- 7 hours per day, 35 hours per week
- A remote first culture
- Great work-life balance with our Flexi-time policy
- Family Friendly policies (Enhanced Maternity and Paternity Pay and Shared Parental Leave)
- A chance to develop with an allocated company training budget
- Bike2Work Scheme
- Lifeworks, an Employee Assistance Programme which offers wellbeing, family and financial support services, such as assessments, resources and even 1:1 counselling sessions. It also offers interesting perks such as discounts on gyms, restaurants, high street retailers and cinema tickets
- A strong commitment to employee wellbeing including mental health first aiders
- Employee referral scheme with generous financial reward
- Bonusly colleague reward scheme

Salary range, depending on experience: £50,000 - £60,000 GBP
More Security Engineer Jobs
Role Description

Celestial Innovations Group (CIG) is seeking a skilled Cortex XSIAM Security Engineer to deploy, configure, and operationalize Palo Alto Networks Cortex XSIAM for federal and enterprise clients. This role is at the center of CIG's AI-driven Security Operations practice, enabling clients to modernize their SOC by consolidating SIEM, XDR, SOAR, UEBA, ASM, and TIP capabilities into a single, converged platform.

The Cortex XSIAM Engineer will serve as a subject-matter expert (SME) throughout the full platform lifecycle:
- Requirements gathering and architecture design
- Deployment, integration, and continuous optimization
- Driving measurable improvements in threat detection and incident response times for government and commercial clients

Qualifications
- 3+ years of hands-on experience with Palo Alto Networks Cortex XDR or Cortex XSIAM in an enterprise or federal environment
- Demonstrated experience deploying or administering SIEM platforms (Splunk, Microsoft Sentinel, IBM QRadar, or equivalent)
- Proficiency with XQL or comparable query languages for log analysis and threat hunting
- Working knowledge of SOAR concepts and experience building security automation playbooks
- Understanding of EDR, NDR, and UEBA technologies and how they feed into a converged SOC platform
- Familiarity with MITRE ATT&CK framework and its application to detection engineering
- Active Secret clearance (minimum); TS/SCI preferred for federal engagements
- Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related field, OR equivalent professional experience

Requirements
- Lead end-to-end deployment of Cortex XSIAM for federal and enterprise clients, including data source onboarding, log ingestion, and normalization
- Integrate XSIAM with existing security ecosystem tools including firewalls, endpoints, cloud platforms, identity providers, and ticketing systems
- Configure data pipelines to ingest and normalize telemetry from diverse sources (endpoints, network, cloud, identity) into XSIAM's unified data model
- Migrate clients from legacy SIEM platforms to Cortex XSIAM, ensuring continuity of detection coverage and compliance reporting
- Build and tune correlation rules, behavioral analytics, and ML-based detection models within XSIAM to reduce false positive rates and improve detection fidelity
- Develop and maintain XSIAM analytics leveraging XQL (Extended Query Language) to extract actionable insights from security telemetry
- Map detection content to MITRE ATT&CK framework, ensuring coverage across all relevant tactics, techniques, and procedures (TTPs)
- Configure AI SmartScoring and technique-based incident grouping to reduce alert fatigue and prioritize analyst workload effectively
- Design, build, and maintain SOAR automation playbooks within XSIAM to automate triage, enrichment, and remediation workflows
- Leverage Cortex Marketplace content packs and develop custom integrations as needed to support client-specific security processes
- Implement dev/prod playbook lifecycle management to ensure safe testing and controlled promotion of automation content
- Continuously improve automation coverage, targeting measurable reductions in manual analyst workload
- Serve as escalation point for complex incident investigations, using XSIAM causality chains and full attack-story visualizations to support rapid remediation
- Coordinate with client SOC teams during active incidents, leveraging XSIAM's embedded automation and enrichment capabilities
- Support Attack Surface Management (ASM) functions to proactively identify and remediate client exposure
- Utilize integrated Threat Intelligence Platform (TIP) capabilities, including Unit 42 threat feeds, to enrich alerts and inform response priorities
- Serve as a trusted technical advisor to federal and commercial clients on XSIAM capabilities, roadmap, and SOC modernization strategy
- Produce SOC performance dashboards, compliance reports, and executive summaries within XSIAM to support client governance requirements
- Conduct training and knowledge transfer sessions to build client SOC team proficiency on the XSIAM platform
- Support CIG business development efforts by contributing to proposals, demos, and technical capability briefings for prospective clients

Benefits
- 401(k)
- Competitive salary
- Dental insurance
- Health insurance
- Paid time off
- Vision insurance

Preferred Qualifications
- Palo Alto Networks Certified Security Automation Engineer (PCSAE) or Cortex XSIAM-specific certification
- Experience with federal compliance frameworks including NIST SP 800-53, RMF, DISA STIGs, and CDM program requirements
- Familiarity with Zero Trust Architecture principles (NIST SP 800-207, CISA ZT Maturity Model) and how XSIAM supports ZTA adoption
- Experience integrating Cortex XSIAM with Palo Alto Networks NGFW, Prisma Cloud, or Zscaler platforms
- Knowledge of cloud security telemetry sources (AWS, Azure, GCP) and their ingestion into XSIAM
- Exposure to Python or JavaScript for custom XSIAM integration development or automation scripting
- Prior experience supporting federal SOC operations or DHS CDM program environments
- CISSP, CEH, CompTIA Security+, or equivalent security certification

Technical Skills & Tools
- SOC Platforms
  - Cortex XSIAM / XDR
  - Cortex XSOAR
  - SIEM platforms
  - XQL query language
  - EDR / NDR / UEBA
- Security Frameworks
  - MITRE ATT&CK
  - NIST SP 800-53 / RMF
  - NIST SP 800-207 (Zero Trust Architecture)
  - CISA Zero Trust Maturity Model
  - DISA STIGs
- Integrations & Tools
  - Palo Alto NGFW / Prisma
  - Zscaler ZIA / ZPA
  - Microsoft Sentinel / Azure
  - ServiceNow / Ticketing systems
  - AWS / Azure / GCP

Flexible work from home options available.
• Lead and manage a team of security professionals conducting cybersecurity assessments
• Provide task leadership, work allocation, and mentorship to team members
• Develop, refine, and implement effective security assessment strategies and methodologies
• Support the maturation and continuous improvement of the cybersecurity assessment program
• Prepare for and execute scheduled assessments by interviewing personnel, testing controls, and reviewing evidence
• Document findings, deficiencies, and provide risk-based recommendations for improvement
• Analyze assessment results and prepare comprehensive reports
• Lead and manage a global engineering team of engineers, overseeing recruitment, onboarding, regular one-on-one meetings, performance reviews, and career development.
• Inspire and influence peers, direct reports, and stakeholders to achieve business objectives and embrace change.
• Influence and innovate new solutions to challenging security problems.
• Embrace approach of making collaborative, fast, local decisions; then course correct as/if needed (test/learn/iterate).
• Provide meaningful/thoughtful feedback on others as requested.
• Facilitate and participate in agile ceremonies, including daily standups, inception and iteration planning, backlog refinement, and retrospectives.
• Collaborate closely with product managers to ensure technical input informs product scope and delivery.
• Partner in collaboration and strategy alignment across product portfolios (cross-product) in partnership with product managers, other peers and key stakeholders with the customer needs and wants in mind.
• Actively contribute to software development efforts, writing, reviewing, and guiding code to ensure high-quality, scalable, and secure implementations.
• Balance technical leadership with hands-on coding to drive project success and mentor the team through example.
• Serve as an expert in the domain of information security engineering.
• Participate in the effort of shaping the architecture and design of the product; actively helps the team in choosing the right technology, solving technical problems,
• Satisfy all administrative-type requirements such as timesheets, performance management process, annual compliance, security training, etc.
Security Operations Engineer
WorkWave
The Leader in Cloud-Based Field Service and Fleet Management Solutions for Companies With a Mobile Workforce.
WorkWave is the leading provider of cloud-based software solutions to pest control, lawn care, landscape management, and other green industries. Our special sauce is our team: We’re a group of makers, doers, creative thinkers, and hard workers, and we’re always looking for individuals who embrace those ideals to come and help us grow. When you become a part of this company, you’ll become part of a dynamic, friendly, fun, and forward-looking community.

We are seeking a Security Operations Engineer with a builder’s mindset to join our team. In this role, you will bridge the gap between Security and Engineering, partnering with our engineering teams to consolidate our logging and build a unified observability platform (logs, metrics, synthetics). You will be the primary architect of our detection logic, responsible for implementing our new SIEM and transforming raw data into high-fidelity alerts. While you will not be the sole monitor of our environment, you will serve as the technical escalation point for our MDR provider (Sophos) and the primary owner of our incident response framework, building the runbooks, playbooks, and triage guides that define how we respond to threats. This is a unique opportunity for an experienced professional to step up from day-to-day analysis and own the design and implementation of a modern detection and response program.

WHAT YOU'LL DO:

SIEM Implementation & Detection Engineering
- Serve as the primary implementer for the new SIEM solution, configuring data ingestion and tuning the platform for optimal performance.
- Own the security observability platform on Grafana (Loki/LogQL, Prometheus/PromQL, Grafana Alerting; OTel for collection), including onboarding sources, parsing, enrichment, and alert routing.
- Own the "Content Engineering" lifecycle: Write, test, and tune detection rules and queries (LogQL, PromQL, SPL, KQL, SQL, etc.) to identify malicious activity with low false-positive rates.
- Partner with the Engineering team to ensure the new observability platform captures the right security telemetry and logs.
- Serve as the primary operator for security monitoring and initial incident triage, participating in the on-call rotation.

Telemetry Engineering & Observability (Security)
- Define logging standards and required security telemetry for product and infrastructure.
- Own log onboarding, parsing, enrichment, normalization, retention, and cost controls.
- Build dashboards and SLOs for security telemetry health (coverage, latency, drop rate).

Incident Response & Process Development
- Develop and maintain the library of Incident Response documents, including Triage Books, Runbooks, and Playbooks for future on-call rotation.
- Act as the primary technical liaison for our MDR provider (Sophos), ensuring they have the context needed to monitor effectively.
- Lead deeper analysis and threat hunting investigations for complex alerts escalated by the MDR or internal teams.
- Own alert routing and incident tracking integration (PagerDuty + Jira/Slack), including severity model, escalation paths, and reporting.
- Lead incident coordination, write post-incident reviews, and drive corrective actions with Engineering.
- Own phishing detection/response workflows and playbooks (user reports, triage, containment).

Operational Health & Optimization
- Continuously evaluate the efficacy of alerts and automations; refine logic to reduce alert fatigue.
- Assist in defining log schemas to ensure data is parsed correctly for both security and engineering use cases.
- Evaluate and implement AI-assisted tools to streamline query generation and dashboard creation.
- Own the integration and correlation between MDR alerts and internal SIEM/incident tracking.
- Implement least-privilege access to security telemetry and ensure logging pipelines avoid sensitive data leakage.

WHAT YOU'LL BRING:
- 5-7 years of total experience in Information Security or Security Operations.
- Proven experience transitioning from a "consumer" of alerts (Analyst) to a "builder" of detections (Engineer).
- Demonstrated experience working with SIEM/observability platforms (Grafana/Loki preferred; Splunk/Elastic/Sentinel/Datadog acceptable), specifically in creating dashboards, reports, and writing complex queries.
- Experience working with Managed Detection and Response (MDR) providers or MSSPs is highly preferred.
- Background in partnering with DevOps or Engineering teams on logging or observability initiatives is a plus.
- Bachelor’s degree in Computer Science, Information Security, or a related field or equivalent work experience.
- Industry certifications such as GCIH, GCIA, GCED, GMON, Security+, CySA+ or related are highly desirable.

YOUR TECHNICAL TOOLKIT:
- Query Languages: Strong proficiency in query languages (e.g., LogQL, PromQL, KQL, SPL, SQL) to interrogate data and build dashboards.
- Detection Logic: Ability to translate threat intelligence and MITRE ATT&CK techniques into actionable detection rules.
- Response Frameworks: Deep understanding of the Incident Response Lifecycle (NIST or SANS) and experience writing clear, executable runbooks.
- Light Scripting: Familiarity with Python or similar scripting languages for automation or API integration is beneficial (though not a primary coding role).

WHAT SETS YOU APART:
- Operator-to-Builder Mindset: The ability to understand the "pain" of a bad alert and the drive to engineer a better solution.
- Cross-Functional Collaboration: Ability to work effectively with Engineering teams to align on data formatting and ingestion without friction.
- Autonomy: Capable of prioritizing work and driving the SIEM implementation forward with minimal oversight.

A GLOBAL COMPANY WITH A LOCAL PRESENCE:
• We know that there are benefits of being in the office and working from home. WorkWave promotes a healthy work/life balance and provides employees with the flexibility of collaborating in the office or the option to work virtually if desired.
• We have employees in over 30 states, 7 countries and many regional offices - each with their own set of perks and opportunities to give back to the local community.
• Whether you work remotely or take advantage of one of our offices, you’ll find a community of WorkWavers that value diversity, and care deeply about our products, clients, our communities and each other.

LOVE WHAT YOU DO, NO MATTER WHERE YOU DO IT:
• Our HQ is based at our state of the art home office in the historic Bell Works complex located in Holmdel Township, New Jersey
• With everything you could find in a great downtown -- from restaurants and retail to art and culture the Bell Works “Metroburb” is a microcosm of innovation, possibility, and inspiration and WorkWave is proud to be a part of it
• Pharmacy, urgent care, bank, restaurants, florist, gym, dentist, outdoor patio bar and weekly farmers market all conveniently located on the first floor - making running errands on a break a breeze.
• We work hard but play hard too...need a break? When in the office kick back in our common area, play a game of arcade basketball, video games in our game rooms or face off in a ping pong match
• WORKING REMOTE? Great! Our teams are well versed at working collaboratively in a fully virtual environment. We keep our offices available to all to use when working remotely isn’t feasible, or to help with cross training, team building and/or brainstorming.

RELAX, WE'VE GOT YOU COVERED:
• Employees can expect a robust benefits package, including health and dental and 401k with company match

AND BEYOND...
• Find your perfect work/life balance with our Flexible Time Off policy or generous PTO plan (role dependent) and paid holidays
• Tuition reimbursement
• Robust Employee Assistance Program through TotalCare offering free counseling 24/7/365, plus financial counseling, legal guidance, adoption assistance services and much more!
• 24/7 access to virtual medical care with Teladoc
• Quarterly awards based on peer nominations
• Regional discounts and perks
• Opportunities to participate in charitable events and give back to the community

GROW WITH US:
• We understand the impact of attracting and keeping top talent and reward intellectual curiosity and a thirst for personal and professional growth
• Encouraging our employees that already have an intimate knowledge of and passion for our products to apply for other roles within our walls just makes sense!
• Our employees have access to extensive video libraries for soft skill and role specific training available 24/7 and live trainings are provided throughout the year

JOIN OUR WINNING TEAM!
• 10 Time winner of Best Place to Work in New Jersey by NJBiz!
• WorkWave has been recognized with multiple awards for its outstanding products, growth and culture, including the Inc. 5000, SaaS Award, IT World Awards, Globe Awards, Silver Stevie Award for Employer of the Year, and Best Place to Work Inc. Magazine
• Recently named one of The Software Report's 3rd annual list of the Top 100 Software Companies of 2022 (worldwide!)

We’re an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.

Don't meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At WorkWave, we are dedicated to building a diverse, inclusive and authentic workplace, so if you feel like you could make a great impact in this role but your past experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may just be the right candidate for this or other roles!

WorkWave supports salary transparency, however please note that salary estimates provided by websites (LinkedIn, Glassdoor, etc.) and not by WorkWave may not accurately reflect the actual salary range for the position.



