IBM Security Consultant-SIEM QRadar UEBA Administrator 

India, Maharashtra, Pune 

362051500

How we’ll help you grow:

• You’ll have access to all the technical and management training courses you need to become the expert you want to be
• You’ll learn directly from expert developers in the field; our team leads love to mentor
• You have the opportunity to work in many different areas to figure out what really excites you

Required Technical and Professional Expertise

• 6+ years of IT experience in security with at least 4+ Years in Security Operation centre with SIEMs and EDR.
• Should have good understanding of Networking, OSI, TCP/IP concepts.
• Should have good understanding of ITIL process.
• Should understand Cybersecurity controls and attack.
• Understanding of MITRE Framework and attack methods.
• Good to have Cybersecurity certifications [SIEM Administrations, CEH, CompTIA S+]
• Should have work experience multiple SIEM solutions and understanding of SIEM Architecture and components [Mainly Qradar SIEM].
• Good to have hands on experience in SIEM Administration and troubleshooting [Mainly Qradar SIEM].
• Should have knowledge in new SIEM Implementation and deployment with DC-DR, HA setup and configurations [Mainly Qradar SIEM].
• Should coordinate with Engineering Lead and ensure the SIEM projects are delivered on time, and in-line with Customer expectation and best practices.
• Excellent understanding and proven hands-on experience in SIEM concepts such as correlation, aggregation, normalization, and parsing.
• Experience in SIEM Version Upgrade, Patch Upgrade, WinCollect Version Upgrades.
• Must have proven experience in Log Sources Integration & Troubleshooting.
• Strong skill set in custom log sources integration & parser development.
• Should perform regular health checks and maintain the SIEM platform effectively.
• Should have work experience in UBA & Rules and Tuning of UBA app.
• Experience in Use Case conceptualization, configuration & testing.
• Standardizing Use Cases and make it applicable for all customers.
• Responsible for Apps Installation, Troubleshooting & App host Management.
• Understanding about threat scenarios, threat vectors and logs to arrive at identify new threats.
• Analyse existing SIEM rules to optimize threat detection and minimize false positives.
• Participate in Client SOC strategy and planning, including capacity planning and technology roadmap.
• Ability to multitask and work independently with minimal direction and maximum accountability.
• Coordination skills to collaborate with multiple technical and service delivery team.

Preferred Technical and Professional Expertise

• Certifications: CEH or ECIH or CompTIA security analyst.
• Ambitious individual who can work under their own direction towards agreed targets/goals and with creative approach to work.
• Intuitive individual with an ability to manage change and proven time management.
• Proven interpersonal skills while contributing to team effort by accomplishing related results as needed.
• Up-to-date technical knowledge by attending educational workshops, reviewing publications.
• Any entrant or Professional skill on shell scripting, AIX, Linux or Python.
• Good to have hands on experience with managing SIEM solutions on public/private clouds like Amazon AWS, Microsoft Azure, etc.
• Proven Experience on any of the Security information and event management (SIEM) tools like (Qradar, Splunk, McAfee ESM etc.)
• Data-driven threat hunting using SIEM and other threat hunting tools.
• Experience is SOAR tools such as Qradar Resilient, PaloAlto XSOAR
• Identify quick defence techniques till permanent resolution.
• Recognize successful intrusions and compromises through review and analysis of relevant event detail information.
• Launch and track investigations to resolution. Recognize attacks based on their signatures, differentiates false positives from true intrusion attempts.
• Actively investigates the latest security vulnerabilities, advisories, and incidents.
• Identify the gaps in security environment & suggest the gap closure.
• Drive & Support Change Management.