Advanced expertise in SIEM/SOAR platforms, especially Palo Alto Cortex XSIAM and XSOAR.

Proven experience in use case lifecycle management, including: Designing advanced threat detection logic, Developing and optimizing correlation rules, Leading alert tuning and false positive reduction efforts

Strong understanding of cybersecurity frameworks such as MITRE ATT&CK, NIST, and Cyber Kill Chain.

Hands-on experience with diverse log source onboarding and normalization, including EDR, firewall, proxy, email, cloud, and identity logs.

Proficiency in XQL and other SIEM query languages, with the ability to write complex queries and optimize performance.

Capability to map use cases to MITRE ATT&CK techniques, identify detection gaps, and propose remediation strategies.

Deep understanding of incident response workflows, including integration of detection content with playbooks and automation pipelines.

Experience integrating threat intelligence feeds into detection logic and correlation rules to enhance contextual awareness.

Strong analytical and troubleshooting skills, with the ability to lead validation efforts and continuously improve detection efficacy.

Excellent communication and documentation skills, including stakeholder engagement, technical writing, and mentoring junior team members.