XSOAR Engineer

Scott AFB, Illinois

Job Id:
163666

Job Category:

Job Location:
Scott AFB, Illinois

Security Clearance:
Top Secret

Business Unit:
Zachary Piper

Division:
Zachary Piper Solutions

Position Owner:
Anna DuMond

Candidates must possess an active Top Secret clearance to be eligible for consideration.

Position Overview

Zachary Piper Solutions is seeking a highly skilled Senior Endpoint Security & XDR Solutions Engineer to support mission-critical cybersecurity operations onsite at Scott AFB, IL. This role is customer-facing and deeply technical, combining endpoint protection expertise, threat detection and response, and hands-on operational support.

The ideal candidate will act as a trusted security advisor, product subject matter expert (SME), and technical partner, driving strong product adoption and aligning security capabilities with the customer's specific business and threat landscape.


Key Responsibilities

Endpoint Protection & XDR Operations

  • Deploy, operationalize, and troubleshoot endpoint protection and XDR solutions in complex enterprise environments
  • Support log ingestion, parsing, and normalization for new and existing data sources
  • Develop custom detection logic, including BIOCs, correlation rules, and alert tuning
  • Leverage XDR APIs for integrations, automation, and advanced use cases
  • Conduct proactive threat hunting and detection engineering activities

Incident Response & SOC Support

  • Serve as a Security Incident Responder or SOC-level escalation resource
  • Investigate, analyze, and remediate security incidents across endpoints, networks, and cloud environments
  • Collaborate with detection engineering teams to improve visibility and reduce false positives
  • Provide operational guidance during high-severity incidents

Product Expertise & Customer Enablement

  • Act as the product SME, partnering closely with product and engineering teams
  • Translate customer business requirements into actionable security deployments
  • Deliver training, workshops, and operational best practices to customer security teams
  • Maintain continuous engagement to drive deeper product adoption and advanced use cases

Time to Value & Lifecycle Engagement

  • Analyze customer environments and security requirements to ensure quick, successful deployments
  • Guide customers through onboarding, optimization, and expansion phases
  • Continuously assess security maturity and recommend improvements

Cloud & Infrastructure Security

  • Support security use cases across major cloud providers (AWS, Azure, GCP)
  • Understand hybrid and cloud-native architectures and their associated threat models
  • Troubleshoot networking and endpoint issues across on-prem and cloud environments

Onsite Mission Support

  • Work onsite with customer stakeholders to fully understand business objectives and operational constraints
  • Assess and align security controls with the threat landscape specific to the customer’s industry vertical
  • Serve as a technical liaison between the customer and internal teams

Required Qualifications

  • Proven experience deploying and supporting endpoint protection and XDR solutions
  • Background as a Security Incident Responder, SOC Analyst, or SOC Manager
  • Strong networking knowledge (TCP/IP, OSI model, packet analysis, troubleshooting)
  • Experience with SIEM platforms, such as Splunk
  • Familiarity with threat hunting, detection engineering, and alert tuning
  • Experience with log ingestion and parsing for security analytics
  • Working knowledge of cloud platforms: AWS, Azure, and/or GCP
  • Proficiency with query languages such as XQL, SQL, or similar
  • Basic Linux system administration and troubleshooting skills
  • Experience in customer-facing roles, including training and technical advisory
  • Understanding of enterprise security tools, IT processes, and security ecosystems

Preferred / Nice-to-Have Skills

  • Experience developing and maintaining scripts using Python or PowerShell
  • Familiarity with machine learning concepts and applications in cybersecurity
  • Experience working with XDR APIs
  • Prior experience supporting government, defense, or regulated environments

Work Environment & Requirements

  • 100% Onsite Role at Scott AFB, IL
  • Ability to engage directly with customer leadership and technical teams
  • Must be able to operate in a mission-focused, security-sensitive environment

Salary

Salary for this position ranges from $140,000-$150,000 *depending on experience*

SOAR, Python, Linux, MITRE ATT&CK, SIEM, Security Automation, Playbooks, Detection Engineering, Alert Triage and Case Management, Threat Intelligence Management,

SOC Workflow Automation