Sr Professional Services Architect XSIAM

Our Mission

At Palo Alto Networks everything starts and ends with our mission:

Being the cybersecurity partner of choice, protecting our digital way of life.

Our vision is a world where each day is safer and more secure than the one before. We are a company built on the foundation of challenging and disrupting the way things are done, and we're looking for innovators who are as committed to shaping the future of cybersecurity as we are.

Who We Are

We believe collaboration thrives in person. That's why most of our teams work from the office full time, with flexibility when it's needed. This model supports real-time problem-solving, stronger relationships, and the kind of precision that drives great outcomes.

Your Career

As a Principal Professional Services Architect for Cortex XSIAM, you will serve as a senior technical and strategic leader, bridging complex service delivery with long-term customer success outcomes. In this hybrid role, you will spend your time delivering billable engagements such as data onboarding, correlation engineering, and automation design. You would partner with customers as their strategic advisor and architect, driving platform adoption, maturity, and measurable security outcomes.

You'll engage with CISOs, SOC leaders, and security engineering teams at some of our largest and most strategic customers to design scalable ingestion architectures, help customers evolve their detection strategy, and partner with them on SOC transformation initiatives. Your work will focus on co-creating solutions with customers — refining existing processes, aligning them with XSIAM capabilities, and providing best-practice recommendations to accelerate adoption and value realization.

Your Impact

Billable Engagements (~45%)

• Architect and deliver data ingestion pipelines, ensuring telemetry from diverse sources (endpoint, network, cloud, identity) is normalized, high-quality, and aligned with best practices

• Design and implement custom correlation logic detections to address customer-specific use cases, leveraging platform capabilities and reference content — not building detections from scratch

• Advise on detection strategies by mapping customer threat models and operational needs to actionable detection use cases, ensuring alignment with Cortex's research-driven detection content

• Review, refine, and recommend improvements to existing incident response workflows and automation playbooks, aligning them with XSIAM capabilities and industry best practices while respecting established customer processes

• Mentor and enable customer SOC teams on alert triage optimization, enrichment strategies, and continuous detection tuning

• Produce and deliver technical documentation, architecture diagrams, runbooks, and operational guides that support ongoing SOC operations

• Conduct workshops and hands-on sessions to transfer knowledge and upskill customer teams on the effective use of XSIAM.

Principal Customer Success Architect (~55%)

• Serve as a trusted advisor to CISOs, SOC Directors, and security engineering leaders, shaping their long-term XSIAM adoption strategy and architecture roadmap

• Lead architecture design sessions, maturity assessments, and strategic workshops to translate business objectives into actionable technical plans

• Design and deliver reference architectures, best-practice frameworks, and operational blueprints in collaboration with customer teams, enabling them to evolve and sustain their SOC capabilities

• Provide strategic recommendations to enhance SOC maturity, including ingestion strategies, detection priorities, automation approaches, and operational workflows

• Identify opportunities for optimization, automation, and expansion within the customer environment, guiding them toward continuous improvement and advanced use of XSIAM features

• Act as the technical escalation point and strategic liaison across customer, product, and internal engineering teams to ensure platform adoption and success metrics are achieved

• Capture and relay customer feedback to internal product and engineering teams, influencing roadmap priorities and feature evolution.

Your Experience 

• 10+ years in Security Operations, SIEM, detection engineering, or related roles, with at least 4+ years in an architecture, advisory, or leadership capacity

• Proven experience leading enterprise-scale SOC or SIEM transformation projects from design to operationalization

• Deep expertise in SIEM platforms (Cortex XSIAM, Splunk, QRadar, Sentinel, etc.) and security analytics methodologies

• Strong background in log ingestion, normalization, enrichment, correlation engineering, and detection strategy design

• Experience designing or improving automation workflows, SOAR integrations, and response playbooks based on existing operational processes

• Strong consultative skills and experience engaging directly with executive stakeholders to align security strategies with business goals

• Hands-on knowledge of threat hunting, detection engineering, and SOC optimization practices

• Proficiency with Regex, log parsing, and telemetry schema design

• Familiarity with MITRE ATT&CK, NIST CSF, and SOC maturity models

• Exceptional communication and presentation skills, with the ability to translate complex technical topics for technical and non-technical audiences

• Bachelor's degree in a relevant field or equivalent experience; certifications such as CISSP, GIAC, or SIEM vendor credentials are preferred.

The Team

Our Professional Services and Customer Success organizations are at the forefront of customer enablement and platform adoption. We partner deeply with clients to help them operationalize Cortex XSIAM, evolve their SOC capabilities, and stay ahead of an ever-changing threat landscape. As a Principal architect, you'll operate at the intersection of delivery and advisory - shaping architectures, driving adoption strategies, and enabling customers to achieve measurable outcomes and long-term success.

Why You'll Love This Role

• You'll influence the security posture of some of the world's largest and most sophisticated enterprises

• You'll operate at the strategic intersection of technical delivery, advisory, and architecture, shaping how customers build and evolve their SOC

• You'll work with cutting-edge security analytics, automation, and AI-driven detection technologies at massive scale

• You'll become a trusted advisor and thought leader, not just an implementer but enabling customers to transform their operations and achieve meaningful results

Our Commitment

We're problem solvers that take risks and challenge cybersecurity's status quo. It's simple: we can't accomplish our mission without diverse teams innovating, together.

We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at  [email protected].

Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.

All your information will be kept confidential according to EEO guidelines.