About the role
We are seeking a highly skilled and experienced Security Information and Event Management (SIEM) administrator to join our team. As a SIEM administrator, you will play a critical role in ensuring the security and integrity of our IT infrastructure by designing, implementing, and maintaining the SIEM platform.
Your responsibilities will include:
* Designing and implementing the SIEM platform, including upgrading and updating its components
* Integrating various log sources with the system, including custom log source integrations
* Monitoring and maintaining the health of the system, including troubleshooting issues and resolving problems
* Creating and modifying security use cases, including understanding customer infrastructure setup and needs
* Generating reports, including automated and custom reports
Requirements
* At least 2 years of experience in QRadar administration or development (DSM/parser development)
* Familiarity with working in the Red Hat Enterprise Linux operating system
* Knowledge of custom event mapping, including unknown events, miscategorized events, and custom log source extensions
* Ability to work with the IRT team to remediate offenses, tune rules for false positives, and create new rules