Job Title

Job Summary:We are seeking a highly skilled contractor to support our Security Operations Center (SOC) in stabilizing, enhancing, and evolving our Palo Alto XSOAR environment. The primary focus will be on resolving outstanding production issues that are currently impacting SOC workflows, followed by integrating external threat intelligence tools to improve enrichment and automation. The contractor will also help design a maturity roadmap that outlines the future state of our automation and intelligence-driven response capabilities.Responsibilities:Resolve Production Issues:Lead working sessions to identify platform, operational, and automation-related issues in XSOAR.Triage and remediate bugs impacting system stability, case management, and playbook execution.Collaborate with analysts and engineers to test, validate, and deploy fixes.Provide weekly updates outlining bugs resolved, progress status, and blockers.Integrate Threat Intelligence Sources:Connect and validate integrations with platforms such as MISP, URLhaus, Malware Bazaar, and Threat Fox.Develop enrichment and response playbooks that leverage threat intel feeds.Automate scoring, tagging, and correlation of IOCs across alert workflows.Document integration procedures and train analysts on new capabilities.Design XSOAR Maturity Roadmap:Evaluate current platform capabilities and identify opportunities for improvement.Propose a phased maturity model for automation, threat intel usage, and analyst experience.Recommend KPIs, metrics, and best practices for measuring progress.Deliver a strategic plan that supports long-term automation and threat detection goals.Project Involvement:XSOAR Bug Remediation – Resolve high-impact issues disrupting SOC operations.Threat Intel Integration – Build and optimize connections to open-source and internal feeds.Maturity Roadmap Development – Define future-state architecture and automation standards.Experience:In-depth knowledge of Palo Alto XSOAR, including playbook design and custom integrations.Proficient in Python scripting and REST API usage.Strong understanding of data parsing, normalization, and enrichment workflows.Security Knowledge:Solid grasp of SOC operations and incident response lifecycles.Familiarity with threat intelligence methodologies and the MITRE ATT&CK framework.Strong troubleshooting and documentation skills.Proven ability to work independently and collaboratively across teams.Experience communicating technical updates and project milestones to leadership.Preferred Qualifications:XSOAR Automation Engineer certificationExperience supporting production XSOAR environments in enterprise settingsPrior work designing automation or threat intel maturity frameworks