Expoint - all jobs in one place

מציאת משרת הייטק בחברות הטובות ביותר מעולם לא הייתה קלה יותר

Limitless High-tech career opportunities - Expoint

IBM Security Consultant-Qradar UEBA Administrator 
India, Maharashtra, Pune 
884677258

29.07.2024

Your Role and Responsibilities
Qradar and UEBA Administrator

How we’ll help you grow:

  • You’ll have access to all the technical and management training courses you need to become the expert you want to be
  • You’ll learn directly from expert developers in the field; our team leads love to mentor
  • You have the opportunity to work in many different areas to figure out what really excites you


Required Technical and Professional Expertise

  • 6+ years of IT experience in security with at least 4+ Years in Security Operation centre with SIEMs and EDR.
  • Should have good understanding of Networking, OSI, TCP/IP concepts.
  • Should have good understanding of ITIL process.
  • Should understand Cybersecurity controls and attack.
  • Understanding of MITRE Framework and attack methods.
  • Good to have Cybersecurity certifications [SIEM Administrations, CEH, CompTIA S+]
  • Should have work experience multiple SIEM solutions and understanding of SIEM Architecture and components [Mainly Qradar SIEM].
  • Good to have hands on experience in SIEM Administration and troubleshooting [Mainly Qradar SIEM].
  • Should have knowledge in new SIEM Implementation and deployment with DC-DR, HA setup and configurations [Mainly Qradar SIEM].
  • Should coordinate with Engineering Lead and ensure the SIEM projects are delivered on time, and in-line with Customer expectation and best practices.
  • Excellent understanding and proven hands-on experience in SIEM concepts such as correlation, aggregation, normalization, and parsing.
  • Experience in SIEM Version Upgrade, Patch Upgrade, WinCollect Version Upgrades.
  • Must have proven experience in Log Sources Integration & Troubleshooting.
  • Strong skill set in custom log sources integration & parser development.
  • Should perform regular health checks and maintain the SIEM platform effectively.
  • Should have work experience in UBA & Rules and Tuning of UBA app.
  • Experience in Use Case conceptualization, configuration & testing.
  • Standardizing Use Cases and make it applicable for all customers.
  • Responsible for Apps Installation, Troubleshooting & App host Management.
  • Understanding about threat scenarios, threat vectors and logs to arrive at identify new threats.
  • Analyse existing SIEM rules to optimize threat detection and minimize false positives.
  • Participate in Client SOC strategy and planning, including capacity planning and technology roadmap.
  • Ability to multitask and work independently with minimal direction and maximum accountability.
  • Coordination skills to collaborate with multiple technical and service delivery team.


Preferred Technical and Professional Expertise

  • Certifications: CEH or ECIH or CompTIA security analyst.
  • Ambitious individual who can work under their own direction towards agreed targets/goals and with creative approach to work.
  • Intuitive individual with an ability to manage change and proven time management.
  • Proven interpersonal skills while contributing to team effort by accomplishing related results as needed.
  • Up-to-date technical knowledge by attending educational workshops, reviewing publications.
  • Any entrant or Professional skill on shell scripting, AIX, Linux or Python.
  • Good to have hands on experience with managing SIEM solutions on public/private clouds like Amazon AWS, Microsoft Azure, etc.
  • Proven Experience on any of the Security information and event management (SIEM) tools like (Qradar, Splunk, McAfee ESM etc.)
  • Data-driven threat hunting using SIEM and other threat hunting tools.
  • Experience is SOAR tools such as Qradar Resilient, PaloAlto XSOAR
  • Identify quick defence techniques till permanent resolution.
  • Recognize successful intrusions and compromises through review and analysis of relevant event detail information.
  • Launch and track investigations to resolution. Recognize attacks based on their signatures, differentiates false positives from true intrusion attempts.
  • Actively investigates the latest security vulnerabilities, advisories, and incidents.
  • Identify the gaps in security environment & suggest the gap closure.
  • Drive & Support Change Management.