Security Engineer – Cortex XDR Operations

🔒 Confidential Employer
Posted 7 May 2026
LOCATION: Not specified
TYPE: Full-time
LEVEL: Mid-Senior level
CATEGORY: Cyber Security
This employer holds a UK Home Office sponsor license — sponsorship for this specific role is at the employer’s discretion

SKILLS

Cortex XDR, Malware Analysis, Endpoint Forensics, Windows/Linux Internals, Network Security, PowerShell/Python Scripting, MITRE ATT&CK Framework, Incident Handling

FULL DESCRIPTION

Company: [Employer hidden — sign up to reveal] Services Group

Job Type: Full Time

Job Mode: WFO (work from office)

Job Description

Company Description: [Employer hidden — sign up to reveal] is committed to helping its customers achieve their technology goals, and treats customer success and the building of long-term, productive relationships as its top priority. [Employer hidden — sign up to reveal]’s goal of delivering the best value to its customers through a combination of the right technology, the right people, and the right costs is achieved through the experience and integrity of its consultants and its custom delivery processes.

Roles & Responsibilities

About the Role

The L3 Security Engineer acts as the final escalation point for incidents involving Cortex XDR. The role covers advanced threat hunting, complex incident investigation, prevention-policy tuning, integration management, and strategic security improvements. Candidates are expected to bring the following:

  • Strong hands-on experience with Cortex XDR, and a deep understanding of malware analysis, endpoint forensics, Windows/Linux internals, and network security fundamentals.
  • Experience in scripting (PowerShell / Python) preferred.
  • Knowledge of MITRE ATT&CK framework.
  • Experience handling P1/P2 (highest-priority) incidents.

Advanced Incident Handling

  • Act as L3 escalation point for critical and complex security incidents.
  • Perform deep-dive forensic investigations using Cortex XDR.
  • Analyze endpoint telemetry, network data, and behavioral analytics.
  • Lead containment, eradication, and recovery actions.

Threat Hunting & Detection Engineering

  • Conduct proactive threat hunting using XQL (the Cortex XDR Query Language).
  • Develop and optimize custom detection rules.
  • Identify gaps in detection coverage and improve visibility.
  • Map detections to MITRE ATT&CK framework.

Policy & Platform Management

  • Fine-tune prevention policies (malware, exploit, behavioral threat protection).
  • Manage exceptions, exclusions, and false-positive reduction.
  • Manage agent upgrades and monitor endpoint and agent health.
  • Perform platform health checks and capacity planning.

Integration & Automation

  • Integrate Cortex XDR with SIEM/SOAR tools.
  • Automate response actions and playbooks.
  • Support log forwarding and API integrations.

Root Cause Analysis & Reporting

  • Perform RCA for major incidents.
  • Provide executive-level incident summaries.
  • Recommend security posture improvements.

Collaboration

  • Work with L1/L2 SOC teams for knowledge transfer.
  • Coordinate with IT, Network, and Infra teams during containment.
  • Support audits and compliance requirements.

Preferred Certifications

  • Palo Alto Networks Certified Cybersecurity Practitioner (PCCP)
  • Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA)