Role: SIEM L3 Administrator (IBM QRadar)
Location: Frisco, TX (Day 1 Onsite)
Mandatory skills: IBM QRadar
Job Description:
Design and deploy of SIEM Platform.
Patching & Upgrading of SIEM Platform/Agents.
Work with business units to create network hierarchy, building blocks, classify Log Sources within the QRadar SIEM
Creating Custom API Connectors and Parsers for log sources which are not out-of-box supported by SIEM Vendor.
Audit and prepare assessment report for existing SIEM platform.
Troubleshoot issues regarding SIEM and other SOC tools.
Develop use cases and create custom rules in SIEM.
Troubleshooting at log sources and connector/agent end to fix any issues reported by other team and observed on day-to-day basis.
Raising change management tickets for SOC Administration activities like Patch upgrade for SIEM, onboarding log sources etc.
Working with OEM (Tool support) in a way to resolve the issue or incident raised.
Data archiving and backup and data purging configuration as per need and compliance.
Restoring configuration/data backups based on the needs.
High ethics, ability to protect confidential information.
MITRE Telecommunication&CK modelling
Experience in Windows/Unix Administration.
Python Scripting Knowledge (Good to have).
Last updated on Dec 8, 2022