XSIAM Endpoint Engineer

Our Mission At Palo Alto Networks®, we’re united by a shared mission—to protect our digital way of life. We thrive at the intersection of innovation and impact, solving real-world problems with cutting-edge technology and bold thinking. Here, everyone has a voice, and every idea counts. If you’re ready to do the most meaningful work of your career alongside people who are just as passionate as you are, you’re in the right place. Who We Are In order to be the cybersecurity partner of choice, we must trailblaze the path and shape the future of our industry. This is something our employees work at each day and is defined by our values: Disruption, Collaboration, Execution, Integrity, and Inclusion. We weave AI into the fabric of everything we do and use it to augment the impact every individual can have. If you are passionate about solving real-world problems and ideating beside the best and the brightest, we invite you to join us! We believe collaboration thrives in person. That’s why most of our teams work from the office full time, with flexibility when it’s needed. This model supports real-time problem-solving, stronger relationships, and the kind of precision that drives great outcomes. Job Summary The Cortex XSIAM Endpoint Engineer is a specialized technical role within the Professional Services team. This individual will be a key player in the successful deployment and operationalization of Palo Alto Networks' Cortex XSIAM platform, with a specific focus on the endpoint security components. The role centers on migrating customers from existing Cortex XDR or third-party EDR solutions to XSIAM, managing agent deployment, and tuning endpoint security policies to help customers maximize the value of our AI-driven SOC platform. This position requires a deep understanding of endpoint security (EDR/XDR), agent lifecycle management, and security policy configuration, combined with hands-on expertise in the Cortex XSIAM platform. Your Impact Endpoint Migration & Deployment: Lead and execute the migration of endpoint agents from Cortex XDR or legacy EDR platforms to Cortex XSIAM. Develop and implement a phased agent rollout plan to ensure a smooth transition with minimal disruption. Create migration plans for moving agents and assist in updating the customer's architecture diagrams to reflect the new XSIAM endpoint traffic flow. Perform agent compatibility checks against various endpoint OS versions and conduct pilot validations before mass rollouts. Policy and Configuration Management: Analyze the customer's existing XDR policies, profiles, and configurations to plan a successful migration to Cortex XSIAM. Implement and fine-tune endpoint security policies, profiles, and exception rules within the XSIAM console to align with customer security objectives. Manage global allow/block lists, exceptions, and other endpoint-specific configurations post-migration. Recreate and apply configurations such as tags and exception profiles for different operating systems (e.g., Windows, Linux, macOS) in the unified XSIAM tenant. Endpoint Health and Operationalization: Ensure endpoint agents are healthy and managed centrally post-migration. Collaborate with the customer's SOC and endpoint teams to tune alerts, validate security posture, and reduce alert fatigue. Provide expert guidance on endpoint security best practices, including threat prevention, device control, and data loss prevention (DLP). Customer Enablement and Project Success: Act as the key technical endpoint resource within the project team, working alongside the XSIAM Lead Consultant, SIEM Engineer, and Project Manager. Contribute to key project documents, including the Solution Design and As-Built documents, with a focus on endpoint architecture and configuration. Participate in testing and pre-production activities to ensure a smooth go-live for all endpoint-related functions. Assist in transitioning the customer to Business-As-Usual (BAU) operations and ... (truncated, view full listing at source)