SME - GCP Security, Palo Alto Firewall
United States
Job Description
SME - GCP Security, Palo Alto Firewall
Dallas, Texas

Job Summary

As an L3 SOC Analyst (Onsite), you will serve as the senior-most technical. You will provide advanced threat detection, incident response leadership, and threat hunting capabilities. This is a customer-facing role requiring strong stakeholder engagement, technical presentation skills, and the ability to represent HCL CSFC's MXDR capabilities with excellence.

Roles & Responsibilities

Incident Response & Escalation
Act as the primary escalation point for L1 and L2 SOC analysts for all complex security incidents.
Lead incident response activities, including containment, eradication, root cause analysis (RCA), and recovery.
Perform advanced triaging and collaborate with resolver groups, third parties, and designated customer contacts for incident resolution.
Conduct post-incident reviews (PIR) and contribute to detailed investigation and RCA reports for customer governance.

Threat Hunting & Intelligence
Design and execute proactive threat hunting activities using SIEM, EDR, and advanced query languages (KQL, SPL).
Perform both IOC-based and hypothesis-based threat hunting, correlating with the latest threat intelligence feeds.
Analyse emerging threat intelligence and map findings to the MITRE ATT&CK framework for enhanced detection.
Create and deliver threat hunting reports and advisories based on defined KPIs for customer consumption.

SIEM/SOAR & Detection Engineering
Develop and fine-tune detection use cases, correlation rules, and automated response playbooks.
Provide expertise in SIEM/SOAR platform optimization, log source integration, and content management.
Lead efforts to reduce alert fatigue through rule tuning, false-positive suppression, and analytics engine optimization.
Collaborate with OEM support teams for issue resolution and product improvements.

Customer Engagement & Governance (Onsite Specific)
Serve as the face of HCL CSFC, building trust and maintaining strong stakeholder relationships.
Participate in and present during Monthly Security Operations Reviews (MSOR), weekly governance calls, and ad-hoc executive briefings.
Provide technical analysis reports, security posture assessments, and actionable recommendations.
Coordinate with customer IT/Security teams, OEM vendors, and HCL offshore teams for seamless service delivery.
Drive SLA/KPI adherence (MTTD, MTTR, MTTA, MTTN) and ensure contractual compliance.

Mentorship & Knowledge Transfer
Act as the SME (Subject Matter Expert) and provide technical guidance and mentorship to L1 and L2 analysts.
Conduct knowledge transfer sessions, training workshops, and tabletop exercises at the customer site.
Develop and maintain SOPs, runbooks, and escalation workflows for SOC operations.

Technical Skills Required

Category              | Required Skills
SIEM Platforms        | Expertise in any 2 of: Splunk, Microsoft Sentinel, Google Chronicle, Palo Alto XSIAM
EDR Platforms         | Hands-on experience in any 2 of: CrowdStrike Falcon, Microsoft Defender XDR, SentinelOne, Cortex XDR, Cisco Secure Endpoint
SOAR Platforms        | Experience with XSOAR, Siemplify (Chronicle SOAR), Tines, or equivalent
Query Languages       | Proficiency in KQL, SPL, YARA-L, or equivalent for advanced hunting
Scripting & Automation | Strong skills in Python, PowerShell for automation and scripting
Frameworks            | Deep understanding of MITRE ATT&CK, Cyber Kill Chain, NIST CSF, ISO 27001
OS Knowledge          | Strong understanding of Windows, Linux, and macOS endpoint security and attack techniques
Cloud Security        | Familiarity with Azure Defender, M365 Defender, Defender for Cloud, AWS Security Hub
Forensics             | Experience in forensic investigations, malware analysis, and digital evidence handling
Reporting             | Experien


Maximum Salary (US):  123000
Minimum Salary (US):  69000
Information at a Glance

Why HCLTech?

At HCLTech, you'll supercharge your potential. You'll find your career. And you'll find your spark. All at a place that knows that helping its customers stay on top starts by putting its people first.

HCLTech is a global technology company, home to more than 226,300 people across 60 countries, delivering industry-leading capabilities centered around digital, engineering, cloud and AI, powered by a broad portfolio of technology services and products. We work with clients across all major verticals, providing industry solutions for Financial Services, Manufacturing, Life Sciences and Healthcare, Technology and Services, Telecom and Media, Retail and CPG, and Public Services. Consolidated revenues as of 12 months ending December 2025 totaled $14.5 billion.

Compensation and Benefits

A candidate’s pay within the range will depend on their skills, experience, education, and other factors permitted by law. This role may also be eligible for performance-based bonuses subject to company policies. In addition, this role is eligible for the following benefits subject to company policies: medical, dental, vision, pharmacy, life, accidental death & dismemberment, and disability insurance; employee assistance program; 401(k) retirement plan; 10 days of paid time off per year (some positions are eligible for need-based leave with no designated number of leave days per year); and 10 paid holidays per year.