Resident Engineer (Extended Expertise Engineer)
Location: Onsite at Scott AFB, IL. Top Secret clearance required.
The Extended Expertise Engineer is a critical member of our Professional Services team. In this highly technical, hands-on role, you will work on-site and/or remotely with customers to support the rapid and complete adoption of our Endpoint Security Platform. Your mission is to enable customers to deploy, operationalize, and maximize the value of our solutions, leaving them more secure and better equipped to face modern threats.
You will serve as a trusted technical advisor, Palo Alto products subject matter expert (SME), and extension of the customer's security team, developing and maintaining expert-level knowledge of our products within real-world enterprise environments.
Key Responsibilities
Learn and understand customer business requirements, technical environments, and industry-specific threat landscapes
Deploy, operationalize, troubleshoot, and train customers on endpoint protection solutions
Act as a Security Incident Responder / SOC analyst resource, supporting detection, investigation, and response efforts
Provide hands-on support for threat hunting, detection engineering, and alert tuning
Develop and tune correlation rules, custom BIOCs, and new detections for additional log sources
Support XDR implementations, including log ingestion, parsing rules, and API integrations
Act as a Product SME, collaborating closely with Product and Engineering teams
Drive customer time to value by guiding successful deployments throughout the product lifecycle
Expand product adoption by demonstrating new features and developing innovative use cases
Maintain continuous customer engagement in a customer-facing, consultative role
Support SIEM and orchestration environments, including XSOAR workflows
Perform basic Linux system administration and troubleshooting
Required Qualifications
Hands-on experience with endpoint security deployment, operationalization, troubleshooting, and training
Experience as a Security Incident Responder, SOC Analyst, or SOC Manager
Strong networking fundamentals (TCP/IP, OSI Model, packet analysis, troubleshooting)
Experience working in customer-facing roles
Familiarity with cloud platforms and use cases (AWS, Azure, GCP)
Knowledge of enterprise security and IT ecosystems, tools, and processes
Experience with SIEM platforms, such as Splunk
Threat hunting and detection engineering experience
Familiarity with XDR concepts, APIs, and query languages
Experience with log ingestion and parsing for XDR
Working knowledge of XQL, SQL, or similar query/scripting languages
Basic Linux administration and troubleshooting skills
Preferred / Plus Skills
Scripting ability in Python and/or PowerShell
Familiarity with machine learning applications in cybersecurity
Experience with security orchestration and automation (XSOAR)
#XDR #XSOAR #Paloalto #Socmanager #scottAFB