Cortex Platform Engineer

Requirements

• 5+ years of hands-on cybersecurity experience in SOC engineering, security operations, or endpoint/cloud security roles.
• 3+ years of direct, production experience operating Cortex XDR at enterprise scale - lab-only experience does not meet this requirement.
• Demonstrated experience with at least two additional Cortex platform components (XSOAR, XSIAM, Cortex Cloud, or Prisma Access) in a production environment.
• Proven ability to write and optimize XQL queries for threat hunting, detection tuning, and forensic investigation.
• Hands-on experience with XSOAR playbook development and integration pack management.
• Working knowledge of at least one SIEM platform (Splunk, Sentinel, or QRadar) with integration experience.
• Technical Knowledge
• Strong understanding of Windows, macOS, and Linux internals as they relate to endpoint telemetry, process execution, and persistence mechanisms.
• Solid grasp of the MITRE ATT&CK framework with the ability to map detections to specific techniques and sub-techniques.
• Familiarity with cloud security fundamentals across AWS, Azure, or GCP - IAM, workload security, network segmentation, and logging.
• Understanding of SASE principles, zero-trust network access concepts, and secure remote access architectures.
• Scripting competency in Python, PowerShell, or Bash for automation, log parsing, and platform integration development.

Additional Information

AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation. At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD. We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived. We embrace all candidates that will contribute to the diversification and enrichment of ideas and perspectives at AHEAD. We are looking for an experienced Cortex Platform Engineer with deep expertise in Palo Alto Networks' Cortex ecosystem. Cortex XDR is the primary focus of this role - you will own its deployment, configuration, detection engineering, and day-to-day operations - but you will also bring working knowledge across Cortex XSOAR, XSIAM, Cortex Cloud, and Prisma Access to support a maturing, integrated security operations environment. This is a hands-on, high-ownership role at the intersection of endpoint security, SOC automation, cloud security posture, and secure network access. You will partner closely with SOC analysts, security architects, and cloud engineering teams to drive platform adoption, improve detection coverage, and accelerate response across the full Cortex stack. Why AHEAD: Through our daily work and internal groups like Moving Women AHEAD and RISE AHEAD, we value and benefit from diversity of people, ideas, experience, and everything in between. We fuel growth by stacking our office with top-notch technologies in a multi-million-dollar lab, by encouraging cross department training and development, sponsoring certifications and credentials for continued learning. India Employment Benefits include: Comprehensive health insurance coverage for employees, with options to extend coverage to dependents Paid time off and company holidays, along with additional leave benefits as per policy Flexible work arrangements, supporting work-life balance Learning and development opportunities to support continuous growth and upskilling Employee wellness initiatives and programs focused on physical and mental well-being Retirement and statutory benefits in line with India regulations Inclusive and people-first culture, with a strong focus on collaboration and ownership

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at thinkahead? Share your experience