Sr. Security Engineer
- Code Beacons Inc.
14 Hours Ago
NA
NA
Santa Ana-CA
6-12 Years
Required Skills: Security Architecture, Palo Alto, CyberArk, Cisco ISE, AWS, Azure, ServiceNow, Terraform, O365
Job Description
Sr. Security Engineer
Santa Ana, CA(Onsite) , Locals only as they have to attend in person interview
18 months
- Broad range of skills that requires deep tech knowledge and tooling in Palo Alto (hands on)
- Recent hands-on experience in network
- Looking for some understanding of SEIM technology but working knowledge is preferential
- Need security level architect; hands on and has some certs
- Someone who can be liaison between technical team and exec team to explain technical aspects in more easily digestible terms
- Focus on recent security architecture experience with hands on background with some leadership capabilities and good documentation skills
- Good documentation skills needed for this role
Tech Stack:
- Palo Alto Panorama
- Palo Alto Cortex EDR
- Palo Alto Cortex XSOAR
- Palo Alto Prisma Cloud Service
- Palo Alto NGFW
- CyberArk
- Cisco ISE
- AWS, Azure
- SIEM: XSIAM
Role Overview & Expectations
- This is a senior-level Sr.Security Engineer role requiring a strong foundation in network security and security infrastructure.
- Many candidates have solid network security backgrounds but lack true security architecture experience and exposure across multiple environments/verticals.
- The client is looking for hands-on architects who are comfortable configuring and implementing solutions themselves—not purely advisory.
- Some candidates lean heavily toward compliance but are weaker in architecture and technical design.
Ideal Candidate Profile
- Well-rounded security professional with hands-on experience and strong foundational security knowledge.
- Certifications such as CISSP are highly preferred.
- Candidates should be able to confidently answer architectural questions (e.g., SIEM recommendations and design rationale).
- Prior experience leading migrations is helpful, but hands-on participation is critical.
Candidate Screening & Questionnaire Feedback
- Current questionnaire questions such as “What’s the largest migration you’ve done?” often surface candidates who oversaw large projects (e.g., 8,000–10,000 user migrations from Cisco to Palo Alto) but did not perform hands-on technical work.
- Some candidates could not confirm:
- Whether migration tools were used
- Specific configuration steps taken
- The client wants to refine screening questions to identify candidates who:
- Actively participated in migrations
- Have recent keyboard-level experience
- Can clearly explain technical steps and decisions
Candidate Selection Criteria
- Recent, hands-on experience “in the trenches” is critical.
- Candidates must demonstrate:
- Strong documentation skills
- Ability to design, implement, and explain firewall and security architecture
- Quote from client sentiment:
“If you can’t document, that’s just as unhelpful as someone who hasn’t touched a firewall in a while.”
- Ideal candidates can both manage and configure, and clearly articulate:
- Migration steps (e.g., firewall-to-firewall)
- Network and security architecture designs
Liaison & Communication Expectations
- The Security Architect must act as a bridge between:
- Technical teams
- Management
- Executive leadership
- Must be able to translate technical concepts into clear, non-technical explanations.
Key Focus Areas
- Recent security architecture experience
- Hands-on Palo Alto expertise
- Strong documentation abilities
- Other skills are considered nice-to-haves
- A “true” Security Architect with a strong foundation should cover 80–90% of the requirements
Technology Stack (Provided by Client)
Primary technologies in use include:
- Palo Alto Panorama
- Palo Alto NGFW
- Palo Alto Cortex EDR
- Palo Alto Cortex XSOAR
- Palo Alto Prisma Cloud
- Palo Alto XSIAM
- CyberArk
- Cisco ISE
- AWS & Azure
- Azure Entra ID
- ServiceNow
- Tenable Vulnerability Management
- Terraform
- Microsoft O365
Notes:
- XDR was mentioned, but a traditional SIEM was not initially listed.
- Assumption is that if another SIEM exists, it may be Splunk or Exabeam.
SIEM Discussion & Environment Context
- OC Sheriff is a Palo Alto XSIAM customer.
- XSIAM is relatively new and less common than Splunk or traditional SIEM/XDR tools.
- Palo Alto acquired XSIAM through the IBM QRadar install base acquisition.
- Splunk remains dominant, with Microsoft Sentinel growing in adoption.
- Finding candidates with direct, recent XSIAM experience may be challenging.
Client Preference:
- Strong architecture and documentation skills are more important than direct XSIAM experience.
- Experience with security operations (XDR/XSIAM) is a plus, but not mandatory.
Relocation & On-Site Expectations
- The client is cautious of candidates who:
- Accept the role with the intention of later negotiating remote work
- Interviewers are attentive to red flags suggesting resistance to full on-site expectations.
- Candidates signaling future remote requests are noted during interviews.
