Associate Process Manager

Job Summary:

We are seeking a technically strong Security Analyst with hands-on expertise in SIEM platforms including IBM QRadar and LogRhythm. This position is critical in maintaining security operations by detecting, analyzing, and responding to cybersecurity threats across the enterprise. The ideal candidate will have deep knowledge in log source Integration, Log Collection and management, use-case creation, Alert setup, continuous optimization and correlation rule fine tuning, UEBA configuration, threat detection, Threat Hunting and experience in DFIR.

Key Responsibilities:

• Security Monitoring & Investigation:
  • Monitor and analyze events and alerts generated by QRadar and LogRhythm SIEM.
  • Investigate anomalies, correlated offenses, and triggered alarms using both platforms.
  • Use QNI (QRadar Network Insights) and UBA (User Behavior Analytics) for enhanced detection.
  • Conduct forensic log analysis and cross-platform correlation to determine the full attack chain.
• Use Case Development & Tuning:
  • Develop custom detection rules, correlation logic, and alarms for both QRadar and LogRhythm.
  • Fine-tune existing use cases to reduce false positives and improve alert fidelity.
  • Apply MITRE ATT&CK mapping to SIEM use cases for comprehensive coverage.
• Log Source Integration & Parsing:
  • Onboard new log sources (Windows, Linux, Cloud, Network Devices, Firewalls) into LogRhythm and QRadar.
  • Create and troubleshoot DSMs (Device Support Modules) and log parsing rules in Logrhythm.
  • Customize LogRhythm Data Indexing Policies and AI Engine rules for specific log types.
• Incident Response & Management:
  • Investigate incidents using LogRhythm's SmartResponse automation.
  • Respond to and contain threats by integrating EDR, firewall, and SOAR actions via both platforms.
  • Track incident lifecycle from detection to closure using integrated ticketing or IR tools.
• Threat Hunting & Analytics:
  • Perform threat hunting using Logrhythm and other security solutions.
  • Use LogRhythm's Analyst Console, AI Engine, and Case Management to detect stealthy threats.
  • Enrich incidents with threat intelligence feeds and IOC lookups in both platforms.
• Platform Optimization & Maintenance:
  • Maintain system health, conduct backup, patching, and performance tuning of QRadar and LogRhythm.
  • Configure custom dashboards, widgets, and reports for management and technical teams.
  • Conduct regular audit and gap assessments on SIEM log coverage and rule effectiveness.
• Collaboration & Documentation:
  • Work with infrastructure and application teams to ensure full log visibility and proper event tagging.
  • Maintain detailed SOPs, incident reports, platform configuration documentation, and use case libraries.

Required Skills and Qualifications:

• Experience:
  • Minimum 3+ years of experience in SOC operations or cyber incident response.
  • Direct hands-on experience with IBM QRadar (including QNI, UBA, AQL) and LogRhythm (AI Engine, SmartResponse, Case Management).
• Technical Skills:
  • Deep understanding of log ingestion, normalization, and correlation rule creation.
  • Proficient in writing AQL queries in QRadar and developing AI Engine rules in LogRhythm.
  • Strong understanding of network protocols, firewall rules, endpoint security, and Linux/Windows event logs.
  • Experience in integration with third-party tools: EDRs, firewalls, cloud logs (AWS, Azure), and SOAR platforms.
• Analytical & Communication:
  • Excellent threat analysis and root cause investigation skills.
  • Strong documentation and report-writing capabilities.
  • Effective communication with internal teams and external vendors.
• Certifications (Preferred):
  • QRadar Certification (e.g., IBM Certified Associate Administrator – QRadar)
  • LogRhythm Certified Security Analyst (LRSA) or Admin (LRSE)
  • CISSP, CEH, GCIA, GCIH, or similar certifications are a plus.
• Other:
  • Willingness to work in shifts and handle on-call rotation.
  • Ability to work under pressure and handle multiple incidents simultaneously.

Nice to Have:

• Knowledge of scripting (Python, Bash, PowerShell) for automation and log parsing.
• Experience in SOAR tools like IBM Resilient, LogRhythm SmartResponse, or similar.
• Understanding of compliance frameworks: PCI-DSS, ISO 27001, NIST, etc.