
  • hcltech
  • Dallas, Texas 75201 United States

SME - GCP Security, Palo Alto Firewall

As an L3 SOC Analyst (Onsite), you will serve as the senior-most technical. You will provide advanced threat detection, incident response leadership, and threat hunting capabilities. This is a customer-facing role requiring strong stakeholder engagement, technical presentation skills, and the ability to represent HCL CSFC's MXDR capabilities with excellence.

Roles & Responsibilities

  • Incident Response & Escalation
    • Act as the primary escalation point for L1 and L2 SOC analysts for all complex security incidents.
    • Lead incident response activities, including containment, eradication, root cause analysis (RCA), and recovery.
    • Perform advanced triaging and collaborate with resolver groups, third parties, and designated customer contacts for incident resolution.
    • Conduct post-incident reviews (PIR) and contribute to detailed investigation and RCA reports for customer governance.
  • Threat Hunting & Intelligence
    • Design and execute proactive threat hunting activities using SIEM, EDR, and advanced query languages (KQL, SPL).
    • Perform both IOC-based and hypothesis-based threat hunting, correlating with the latest threat intelligence feeds.
    • Analyse emerging threat intelligence and map findings to the MITRE ATT&CK framework for enhanced detection.
    • Create and deliver threat hunting reports and advisories based on defined KPIs for customer consumption.
  • SIEM/SOAR & Detection Engineering
    • Develop and fine-tune detection use cases, correlation rules, and automated response playbooks.
    • Provide expertise in SIEM/SOAR platform optimization, log source integration, and content management.
    • Lead efforts to reduce alert fatigue through rule tuning, false-positive suppression, and analytics engine optimization.
    • Collaborate with OEM support teams for issue resolution and product improvements.
  • Customer Engagement & Governance (Onsite Specific)
    • Serve as the face of HCL CSFC, building trust and maintaining strong stakeholder relationships.
    • Participate in and present during Monthly Security Operations Reviews (MSOR), weekly governance calls, and ad-hoc executive briefings.
    • Provide technical analysis reports, security posture assessments, and actionable recommendations.
    • Coordinate with customer IT/Security teams, OEM vendors, and HCL offshore teams for seamless service delivery.
    • Drive SLA/KPI adherence (MTTD, MTTR, MTTA, MTTN) and ensure contractual compliance.
  • Mentorship & Knowledge Transfer
    • Act as the SME (Subject Matter Expert) and provide technical guidance and mentorship to L1 and L2 analysts.
    • Conduct knowledge transfer sessions, training workshops, and tabletop exercises at the customer site.
    • Develop and maintain SOPs, runbooks, and escalation workflows for SOC operations.

Technical Skills Required

  • SIEM Platforms
    • Expertise in any 2 of: Splunk, Microsoft Sentinel, Google Chronicle, Palo Alto XSIAM
  • EDR Platforms
    • Hands-on experience in any 2 of: CrowdStrike Falcon, Microsoft Defender XDR, SentinelOne, Cortex XDR, Cisco Secure Endpoint
  • SOAR Platforms
    • Experience with XSOAR, Siemplify (Chronicle SOAR), Tines, or equivalent
  • Query Languages
    • Proficiency in KQL, SPL, YARA-L, or equivalent for advanced hunting
  • Scripting & Automation
    • Strong skills in Python, PowerShell for automation and scripting
  • Frameworks
    • Deep understanding of MITRE ATT&CK, Cyber Kill Chain, NIST CSF, ISO 27001
  • OS Knowledge
    • Strong understanding of Windows, Linux, and macOS endpoint security and attack techniques
  • Cloud Security
    • Familiarity with Azure Defender, M365 Defender, Defender for Cloud, AWS Security Hub
  • Forensics
    • Experience in forensic investigations, malware analysis, and digital evidence handling
  • Reporting
