Key responsibilities:
responsible for the design & implementation of siem platform(s).
responsible for upgrading/updating of siem components & applications within.
responsible for the integration of various log sources with siem.
responsible for custom log source integrations with siem.
responsible for monitoring and maintaining the health of siem components & applications within.
responsible for creation/modification of security use case (rule triggers) in siem by understanding the customer infra setup and customer needs.
responsible for the creation/modification of reports (automated & custom).
responsible for working with respective stakeholders to on-board or troubleshoot the broken log sources if any.
responsible for custom property creation.
responsible for wincollect installation & management.
responsible for apps installation & apphost management.technical experience:
custom event mapping for unknown events, miscategorized events, and custom log source extensions.
work with the irt team to remediate offenses, tune rules for false positives, and create new rules.
creation and management of reference sets and outside threat intel sources.
onboard new log sources and assign log sources to the correct group.
dashboard creation for monitoring environment.
report creation and maintenance.
maintain all components of a distributed qradar infrastructure and deployment servers.
provide overall management of the qradar platform deployment, configuration, and maintenance across various unix and windows platforms.professional attributes:
previous qradar administration or development (dsm/parser development) experience: at least 2 years of qradar experience is required.
create, modify, and tune the siem rules to adjust the specifications of alerts and incidents.
work with customer-designated personnel to provide continual correlation rule tuning, incident classification, and prioritization recommendations.
report query adjustments, dashboard creation, system maintenance, and other siem configuration activities.
familiarity with working in the red hat enterprise linux operating system.
custom event mapping for unknown events, miscategorized events, and custom log source extensions.
work with the irt team to remediate offenses, tune rules for false positives, and create new rules.
creation and management of reference sets and outside threat intel sources.
onboard new log sources and assign log sources to the correct group.
dashboard creation for monitoring environment.
report creation and maintenance.
maintain all components of a distributed qradar infrastructure and deployment servers.
provide overall management of the qradar platform deployment, configuration, and maintenance across various unix and windows platforms.