Security Consultant - XSOAR L2

IBM·DEJOBS
Mumbai, IndiaPosted Jul 1, 2026
Open original posting
**Introduction** A career in IBM Consulting is built on long-term client relationships and close collaboration worldwide. You’ll work with leading companies across industries, helping them shape their hybrid cloud and AI journeys. With support from our strategic partners, robust IBM technology, and Red Hat, you’ll have the tools to drive meaningful change and accelerate client impact. At IBM Consulting, curiosity fuels success. You’ll be encouraged to challenge the norm, explore new ideas, and create innovative solutions that deliver real results. Our culture of growth and empathy focuses on your long-term career development while valuing your unique skills and experiences. **Your role and responsibilities** We are seeking a skilled engineer to design, develop, and maintain playbooks and integrations within Cortex XSOAR. You will bridge the gap between security operations and software development, translating incident response workflows into efficient, automated code. You will work closely with threat hunters, SOC analysts, and IT teams to identify repetitive tasks and build resilient automations. Key Responsibilities * Playbook Development: Design, code, test, and debug complex incident response playbooks in Cortex XSOAR using Python and the platform’s visual playbook editor. * Integration Management: Develop and maintain custom integrations with third-party security tools (EDR, SIEM, Firewalls, Ticketing Systems, Threat Intel Platforms) using the Cortex XSOAR API and Python. * Content Management: Manage the full lifecycle of XSOAR content (Playbooks, Integrations, Scripts, Classifiers, Mappers, Dashboards) using version control systems like Git. * Incident Response Enhancement: Collaborate with SOC analysts to understand pain points in current IR processes and translate requirements into automated solutions to reduce manual intervention. * Maintenance & Troubleshooting: Monitor the health of the XSOAR environment, troubleshoot failed automations, and optimize performance and API usage. * Documentation: Maintain thorough documentation of playbooks, integrations, and standard operating procedures (SOPs). **Required technical and professional expertise** * Experience: [4+] years of experience in Security Engineering, DevOps, or Software Engineering, with at least [3+] years specifically working with Palo Alto Networks Cortex XSOAR. * Programming: Strong proficiency in Python (essential for custom scripts and integrations). Experience with JavaScript or PowerShell is a plus. * XSOAR Proficiency: Deep understanding of Cortex XSOAR architecture, including Incident Types, Layouts, Fields, Classifiers, Mappers, and the core automation engine. * APIs & Integrations: Proven experience consuming RESTful APIs to connect disparate security tools. Ability to troubleshoot API authentication and data parsing issues. * Security Domain Knowledge: Solid understanding of the Incident Response lifecycle, common attack vectors (MITRE ATT&CK), and security technologies (SIEM, EDR, SOAR, TIP). * Problem Solving: Excellent analytical skills with the ability to debug complex, distributed system issues. **Preferred technical and professional experience** * Cortex XSOAR Certification * SIEM Experience: Familiarity with SIEM platforms such as XSIAM, Splunk, QRadar, or Microsoft Sentinel. IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

Want jobs like this matched to you?

Swoopd scores fresh postings against your résumé so you only see the matches that matter.

Get started free