Security Consultant - SIEM Administrator

Introduction

A career in IBM Consulting is rooted by long-term relationships and close collaboration with clients across the globe. You'll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio, including Software and Red Hat. Curiosity and a constant quest for knowledge serve as the foundation to success in IBM Consulting. In your role, you'll be encouraged to challenge the norm, investigate ideas outside of your role, and come up with creative solutions resulting in groundbreaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.

Your Role And Responsibilities

• Should have work experience with multiple SIEM solutions and deep understanding of SIEM Architecture and components [Mainly Qradar SIEM].
• Should have design and deployment of SIEM and SOAR solutions, primarily in Qradar SIEM.
• Extensive experience in rebuilding and restoration of SIEM and SOAR solutions and components.
• Should have experience in research and development of new correlation/MITRE based use cases based on new global trends
• Should have extensive hands-on experience in SIEM and SOAR Administration and troubleshooting [Mainly Qradar SIEM].
• Must have extensive knowledge in new SIEM Implementation and deployment with DC-DR, HA setup and configurations [Mainly Qradar SIEM].
• Should coordinate with Engineering Lead and ensure the SIEM projects are delivered on time, and in-line with Customer expectation and best practices.
• Excellent understanding and proven hands-on experience in SIEM concepts such as correlation, aggregation, normalization, and parsing.
• Act as the final escalation point for SIEM-related incidents and operational issues.
• Design, develop, and optimize advanced correlation rules, dashboards, reports, and custom parsers
• Lead investigations of advanced and complex cybersecurity incidents and threats
• Act as an escalation point for L1/L2 analysts for incident triage, analysis, and remediation.
• Experience in SIEM Version Upgrade, Patch Upgrade, WinCollect Version Upgrades.
• Must have proven experience in Log Sources Integration & Troubleshooting [DC and Cloud].
• Strong skill set in custom log sources integration & parser development.
• Should perform regular health checks and maintain the SIEM platform effectively.
• Should have work experience in UBA & Rules and Tuning of UBA app.
• Experience in Use Case conceptualization, configuration & testing.
• Responsible for Apps Installation, Troubleshooting & App host Management.
• Understanding about threat scenarios, threat vectors and logs to arrive at identify new threats.
• Analyse existing SIEM rules to optimize threat detection and minimize false positives.
• Participate in Client SOC strategy and planning, including capacity planning and technology roadmap.
• Ability to multitask and work independently with minimal direction and maximum accountability.
• Coordination skills to collaborate with multiple technical and service delivery team.
• Good to have knowledge in Investigating, documenting, and reporting on any information security (InfoSec) issues as well as emerging trends.
• Good to have experiences in analysis of security incident/alert trend and suggest for fine-tuning.
• Good to have experience in Investigate suspicious activities, contain, and prevent them.
  
  

Preferred Education

Bachelor's Degree

Required Technical And Professional Expertise

• Minimum 8+ years of experience in IT Cyber Security Industry.
• Minimum 6+ years’ experience in SIEM Administration/Engineering.
  
  

SIEM Expertise in Qradar SIEM, Palo Alto XSIAM, Microsoft Sentinel

• Should have good understanding of Networking, OSI, TCP/IP concepts.
• Should understand Cybersecurity controls and attack.
• Understanding of MITRE ATT&CK/NIST Framework and attack methods.
• Should have good understanding of ITIL process.
  
  

Preferred Technical And Professional Experience

Good to have Cybersecurity certifications [SIEM Administrations, CEH, CompTIA S+]