Senior Security Engineer (Systems Engineer 2 or 3)

We are the Metropolitan Council, the regional government for the seven-county Twin Cities metropolitan area. We plan 30 years ahead for the future of the metropolitan area and provide regional transportation, wastewater, and housing services. More information about us on our website.

We are committed to supporting a diverse workforce that reflects the communities we serve.

Information Services is the central IT department supporting all divisions of the Metropolitan Council. Our 140 team members provide technology, practices, and innovative solutions that enable the core services of the Council.

We are seeking a highly skilled Senior Security Engineer (Systems Engineer 2 or 3) with a focus on Palo Alto Networks Cortex to join our cybersecurity team. In this role, you will be responsible for implementing, managing, and optimizing Palo Alto Networks' Cortex solutions to enhance our organization's security posture. You will be involved with advanced threat hunting and incident response.

As our Cortex Security Engineering Specialist, you will be the primary expert on Palo Alto Networks' Cortex portfolio, including Cortex XDR, XSOAR, and Cortex Xpanse. You will work closely with our internal IT and security teams to leverage these tools effectively in our environment.

The ideal candidate should have a solid understanding of Windows Server and Desktop OS, as well as networking principles, to effectively implement and manage Cortex XDR and Cortex Pro Per GB across the organization's infrastructure. This knowledge will be crucial in optimizing Cortex XDR's capabilities for threat detection, incident response, and overall security enhancement in a Windows-centric environment.

This position is eligible for a hybrid (both remote and onsite) telework arrangement. Candidate's permanent residence must be in Minnesota or Wisconsin.

Systems Engineer 2: $41.34 - $67.08 hourly/$85,987 - $139,526 yearly
Systems Engineer 3: $44.72 - $72.53 hourly/$93,018 - $150,862 yearly

• Configure and fine-tune Cortex XDR policies to optimize threat detection and response capabilities, taking into account the specific needs of various Windows OS versions
• Implement and maintain Cortex XDR network security features, leveraging your understanding of networking principles to enhance threat visibility and protection
• Create and maintain incident response playbooks within Cortex XDR, tailored to the organization's Windows-based infrastructure
• Provide regular reports and insights to management on the state of endpoint and network security, leveraging Cortex XDR's analytics capabilities

• Design, implement, and maintain our Cortex-based security infrastructure
• Develop and execute security policies and procedures using Cortex tools
• Conduct threat hunting and incident response activities
• Automate security operations and orchestrate responses using Cortex XSOAR
• Manage and optimize our attack surface reduction using Cortex Xpanse, Shodan or similar tool
• Collaborate with other security teams to integrate endpoint security solutions with our existing security stack
• Provide technical guidance and training to other team members on Cortex products
• Stay current with the latest features, updates, and best practices for Palo Alto Networks’ solutions
• Develop and maintain documentation for Cortex-related processes and configurations

Any of the following combinations of education (in Computer Science, Systems Security, or similar) and related experience:

• Bachelor's degree and 4 years of experience
• Associate's degree and 6 years of experience
• High school diploma/GED and 8 years of experience

Experience should include cybersecurity, with a focus on endpoint detection and response (EDR) and security orchestration, automation and response (SOAR) technologies, and Palo Alto, particularly XDR and XSOAR.

Any of the following combinations of education (in Computer Science, Systems Security, or similar) and related experience:

• Bachelor's degree and 5 years of experience
• Associate's degree and 7 years of experience
• High school diploma/GED and 9 years of experience

Experience should include cybersecurity, with a focus on endpoint detection and response (EDR) and security orchestration, automation and response (SOAR) technologies, and Palo Alto, particularly XDR and XSOAR.

• Understanding of threat detection, incident response, and threat hunting methodologies
• Familiarity with common cybersecurity frameworks (e.g., NIST, ISO 27001, MITRE ATT&CK)
• Experience with scripting and automation using languages such as Python, PowerShell, or Bash
• Knowledge of log analysis, SIEM technologies, and security analytics
• Excellent problem-solving skills and ability to work under pressure during security incidents
• Strong communication skills to explain technical concepts to both technical and non-technical audiences
• Relevant certifications such as Palo Alto Networks Certified Network Security Engineer (PCNSE), Certified Information Systems Security Professional (CISSP), or GIAC Security Essentials (GSEC) are a plus
• In-depth knowledge of Palo Alto Networks' Cortex products and their practical applications
• Strong background in SOC processes, threat detection, and incident response
• Ability to create and maintain automation workflows for security operations
• Experience integrating various security tools and technologies
• Strong analytical skills for interpreting security data and identifying trends
• Commitment to staying updated on the latest cybersecurity threats and technologies

• We offer the opportunity to make a difference and positively influence the Twin Cities metropolitan area
• We encourage our employees to develop their skills through on-site training and tuition reimbursement
• We provide a competitive salary, excellent benefits and a good work/life balance

Work is performed in a standard office setting. May require travel between primary worksite and various locations on short notice to resolve computer system problems.

If you are new to the Metropolitan Council, you must pass a drug test (safety sensitive positions only), and a background check which verifies education, employment, and criminal history. A driving record check and/or physical may be conducted if applicable to the job. If you have a criminal conviction, you do not automatically fail. The Metropolitan Council considers felony, gross misdemeanor and misdemeanor convictions on a case-by-case basis, based on whether they are related to the job and whether the candidate has demonstrated adequate rehabilitation.

If you are already an employee of the Metropolitan Council, you must pass a drug test (if moving from a non-safety sensitive position to a safety sensitive position) and criminal background check if the job you're applying for is safety sensitive, is a supervisory or management job, is in the Finance, Information Services, Audit, or Human Resources departments, or has access to financial records, files/databases, cash, vouchers or transit fare cards. A driving record check and/or physical may be conducted if applicable to the position.

IMPORTANT: If you make a false statement or withhold information, you may be barred from job consideration.

The Metropolitan Council is an Equal Opportunity, Affirmative Action, and veteran-friendly employer. The Council is committed to a workforce that reflects the diversity of the region and strongly encourages persons of color, members of the LGBTQ community, individuals with disabilities, women, and veterans to apply.

If you have a disability that requires accommodation during the selection process, please email HR-OCCHealth@metc.state.mn.us.