XSIAM Endpoint Engineer
Palo Alto Networks · Mumbai · Posted 2026-06-08
Tech stack: Go, Linux
About the role
The Cortex XSIAM Endpoint Engineer is a specialized technical role within the Professional Services team. This individual will be a key player in the successful deployment and operationalization of Palo Alto Networks' Cortex XSIAM platform, with a specific focus on the endpoint security components. The role centers on migrating customers from existing Cortex XDR or third-party EDR solutions to XSIAM, managing agent deployment, and tuning endpoint security policies to help customers maximize the value of our AI-driven SOC platform. This position requires a deep understanding of endpoint security (EDR/XDR), agent lifecycle management, and security policy configuration, combined with hands-on expertise in the Cortex XSIAM platform.
Qualifications
- Technical Skills: Proven experience with endpoint security solutions (EDR/XDR), specifically with agent deployment, policy management, and troubleshooting.
- Hands-on experience with Cortex XDR is highly desirable.
- Direct experience with Cortex XSIAM, particularly in agent migration from XDR to XSIAM, is a strong plus.
- Strong understanding of endpoint operating systems (Windows, Linux, macOS) and their security configurations.
- Familiarity with SOC operations and how endpoint data is used for threat hunting, investigation, and response.
- Knowledge of scripting for agent deployment and management is an asset.
- Professional Attributes: Experience in a customer-facing, consultative role, such as professional services, technical account management, or solutions architecture.
- Strong analytical and problem-solving skills to navigate complex agent migration and policy-tuning challenges.
- Excellent communication skills, with the ability to manage stakeholder expectations and collaborate effectively with customer endpoint teams.
- Ability to work effectively as part of a distributed project team to drive successful customer outcomes.
Responsibilities
- Endpoint Migration & Deployment:
- Lead and execute the migration of endpoint agents from Cortex XDR or legacy EDR platforms to Cortex XSIAM.
- Develop and implement a phased agent rollout plan to ensure a smooth transition with minimal disruption.
- Create migration plans for moving agents and assist in updating the customer's architecture diagrams to reflect the new XSIAM endpoint traffic flow.
- Perform agent compatibility checks against various endpoint OS versions and conduct pilot validations before mass rollouts.
- Policy and Configuration Management:
- Analyze the customer's existing XDR policies, profiles, and configurations to plan a successful migration to Cortex XSIAM.
- Implement and fine-tune endpoint security policies, profiles, and exception rules within the XSIAM console to align with customer security objectives.
- Manage global allow/block lists, exceptions, and other endpoint-specific configurations post-migration.
- Recreate and apply configurations such as tags and exception profiles for different operating systems (e.g., Windows, Linux, macOS) in the unified XSIAM tenant.
- Endpoint Health and Operationalization: Ensure endpoint agents are healthy and managed centrally post-migration.
- Collaborate with the customer's SOC and endpoint teams to tune alerts, validate security posture, and reduce alert fatigue.
- Provide expert guidance on endpoint security best practices, including threat prevention, device control, and data loss prevention (DLP).
- Customer Enablement and Project Success: Act as the key technical endpoint resource within the project team, working alongside the XSIAM Lead Consultant, SIEM Engineer, and Project Manager.
- Contribute to key project documents, including the Solution Design and As-Built documents, with a focus on endpoint architecture and configuration.
- Participate in testing and pre-production activities to ensure a smooth go-live for all endpoint-related functions.
- Assist in transitioning the customer to Business-As-Usual (BAU) operations and handing over to the appropriate long-term support teams.