Mumbai, IND
3 days ago
Security Consultant - Palo Alto Cortex XDR
**Introduction**

A career in IBM Consulting is rooted in long-term relationships and close collaboration with clients across the globe. You'll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio, including Software and Red Hat. Curiosity and a constant quest for knowledge serve as the foundation for success in IBM Consulting. In your role, you'll be encouraged to challenge the norm, investigate ideas outside of your role, and come up with creative solutions resulting in groundbreaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.

**Your role and responsibilities**

Key Responsibilities:

* Act as the subject matter expert (SME) for Palo Alto Cortex XDR and endpoint security.
* Lead investigation and response for advanced endpoint threats and alerts using XDR.
* Develop and fine-tune detection rules, response playbooks, and behavioral indicators.
* Integrate Cortex XDR with other security tools (SIEM, SOAR, firewalls, etc.).
* Analyze complex threat patterns, perform root cause analysis, and recommend mitigation strategies.
* Collaborate with SOC teams to escalate, triage, and resolve endpoint incidents.
* Create and maintain technical documentation, runbooks, and training materials.
* Support compliance and audit requirements for endpoint security.
* Provide L3 support and mentor junior team members.

**Required technical and professional expertise**

* 5+ years of experience in Cybersecurity or Information Security.
* Minimum 2+ years of hands-on experience specifically with Palo Alto Cortex XDR (endpoint or extended detection and response).
* Strong knowledge of endpoint detection and response (EDR) technologies and incident handling.
* Experience in scripting (Python, PowerShell) for automation is a plus.
* Familiarity with security frameworks such as MITRE ATT&CK.
* Experience working with SIEM and SOAR platforms.
* Excellent analytical, communication, and troubleshooting skills.
* Certifications such as PCNSE, CISSP, CEH, or GCIA are advantageous.

IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.