Security Consultant - Infrastructure Security

1 week ago


Pune Maharashtra, India IBM Full time

Introduction

Your Role and Responsibilities
- Lead and guide the SIEM admin team to deliver all of the tasks below.
- Install, upgrade, configure, administer, and maintain our distributed SIEM QRadar platform.
- Monitor and troubleshoot QRadar health issues to ensure optimal performance.
- Integrate different devices with SIEM, including API integration and threat intelligence data integration.
- Troubleshoot log sources not reporting and resolve connectivity issues.
- Develop custom parsers, write complex regular expressions, and extract custom event properties (CEPs) from raw logs.
- Identify and design SIEM use cases based on the latest security threats.
- Develop and modify alert playbooks for L1 and L2 analysts.
- Review the SOPs and KPIs.
- Fine-tune use cases to reduce alert fatigue and improve efficiency.
- Understand security frameworks such as MITRE ATT&CK and the Cyber Kill Chain.
- Possess knowledge of different logging levels.
- Conduct SOC incident analysis and have exposure to various information security technologies.
- Demonstrate a strong understanding of networking concepts.
- Interpret, search, and process data within enterprise logging systems.
- Revise and develop processes to strengthen the current security operation framework.
- Provide technical guidance to L1, L2, and L3 analysts for alert monitoring with respect to the SIEM use cases, reports, and dashboards.
- Develop and optimize the incident response framework, including processes, playbooks, documentation, and automation.
- Support the fulfilment of audit requirements and ensure compliance.
- Possess sound and practical knowledge of Linux.
- Guide the team in handling hardware issues and upgrades.
- Manage infrastructure capacity and proactively handle capacity thresholds.

Who you are:
You are a seasoned cybersecurity professional with a passion for staying ahead of evolving threats and a knack for problem-solving. You thrive in a dynamic environment where no two days are the same, and you are committed to excellence in all aspects of your work. As a SIEM Lead Administrator, you are a proactive leader who excels at collaborating with cross-functional teams and guiding junior admins in the team to successfully deliver the roles and responsibilities. Your technical expertise, coupled with your strong communication skills, makes you an invaluable asset to our cybersecurity team.

What you’ll do:

- Guide and Lead the Team: Give advice and support to team members so they can deliver all of the tasks below.
- Set up and Keep SIEM Running: Install and maintain our SIEM tool (QRadar) to protect our systems.
- Watch for Problems and Fix Them: Keep an eye on SIEM's health and solve any issues that come up.
- Integrate Devices and Data: Integrate different tools and data to SIEM so we can see if there's any danger.
- Fix Log Problems: Make sure all devices are sending their data properly and fix any issues.
- Make Tools to Find Threats: Create tools to help us find problems in all the data we collect.
- Plan for Security: Make plans to find and handle any new cyber threats.
- Make Plans for Alerts: Plan what to do if we get a warning, so everyone knows what to do.
- Cut Down on Alerts: Make sure we only get alerts when there's a real problem, not just lots of noise.
- Know Security Basics: Understand how security works and what different levels mean.
- Check for Problems: Keep an eye on all our systems to make sure there are no issues.
- Understand Networks: Know how our networks work so we can fix any security issues.
- Look for Problems in Data: Check through lots of data to find any problems.
- Make Things Work Better: Find ways to make our security systems work even better.
- Respond to Problems: Jump in and help fix any issues if there's a security problem.
- Follow the Rules: Make sure we're following all the rules and laws about security.
- Be Good with Linux: Know how to use Linux systems since many of our tools run on them.

How we’ll help you grow:
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
- You'll have access to all the technical, management and leadership training courses you need to become the expert you want to be.
- You'll learn directly from sales leaders and the senior leadership team.
- You'll have the opportunity to work in many different areas to figure out what really excites you.

Required Technical and Professional Expertise
- SIEM Administration (QRadar)
- Troubleshooting skills
- Integration and Customization of SIEM
- Manual and Auto Correlation of Events and Flows
- Use Case Development and Management
- SOP Review
- KPI Review
- Actively Participating in various Security Assessments and Audits
- Process Improvement for security operations
- Team Leadership and Support
- Compliance Management
- Linux Pr
