Extended Expertise Consultant - TRANSCOM

Resident Engineer (Extended Expertise Engineer)

Location: Onsite at Scott AFB, Il.

Top Secret Clearance required




The Extended Expertise Engineer is a critical member of our Professional Services team. In this highly technical, hands-on role, you will work on-site and/or remotely with customers to support the rapid and complete adoption of our Endpoint Security Platform. Your mission is to enable customers to deploy, operationalize, and maximize the value of our solutions-leaving them more secure and better equipped to face modern threats.

You will serve as a trusted technical advisor, Palo Alto products subject matter expert (SME), and extension of the customer's security team, developing and maintaining expert-level knowledge of our products within real-world enterprise environments.

Key Responsibilities

• Learn and understand customer business requirements, technical environments, and industry-specific threat landscapes
• Deploy, operationalize, troubleshoot, and train customers on endpoint protection solutions
• Act as a Security Incident Responder / SOC analyst resource, supporting detection, investigation, and response efforts
• Provide hands-on support for threat hunting, detection engineering, and alert tuning
• Develop and tune correlation rules, custom BIOCs, and new detections for additional log sources
• Support XDR implementations, including log ingestion, parsing rules, and API integrations
• Act as a Product SME, collaborating closely with Product and Engineering teams
• Drive customer time to value by guiding successful deployments throughout the product lifecycle
• Expand product adoption by demonstrating new features and developing innovative use cases
• Maintain continuous customer engagement in a customer-facing, consultative role
• Support SIEM and orchestration environments, including XSOAR workflows
• Perform basic Linux system administration and troubleshooting

Required Qualifications

• Hands-on experience with endpoint security deployment, operationalization, troubleshooting, and training
• Experience as a Security Incident Responder, SOC Analyst, or SOC Manager
• Strong networking fundamentals (TCP/IP, OSI Model, packet analysis, troubleshooting)
• Experience working in customer-facing roles
• Familiarity with cloud platforms and use cases (AWS, Azure, GCP)
• Knowledge of enterprise security and IT ecosystems, tools, and processes
• Experience with SIEM platforms, such as Splunk
• Threat hunting and detection engineering experience
• Familiarity with XDR concepts, APIs, and query languages
• Experience with log ingestion and parsing for XDR
• Working knowledge of XQL, SQL, or similar query/scripting languages
• Basic Linux administration and troubleshooting skills

Preferred / Plus Skills

• Scripting ability in Python and/or PowerShell
• Familiarity with machine learning applications in cybersecurity
• Experience with security orchestration and automation (XSOAR)

#XDR #XSOAR #Paloalto #Socmanager #scottAFB