SIEM Admin

We have an urgent requirement for SIEM Admin with our client based QATAR

Design and deployment of SIEM Platform (Virtual & Physical appliances)

Patching & Upgrading of SIEM Platform/Agents.

Job Description

• Design and deployment of SIEM Platform (Virtual & Physical appliances)
• Integration of AppHost and data node in multi-tenancy environment.
• Understanding & deployment of all major IBM win-collect architecture.
• Knowledge on off board storage configuration.
• Integration Knowledge with QRadar (SOAR, Threat Intel Platform).
• Patching & Upgrading of SIEM Platform/Agents.
• Work with business units to create network hierarchy, building blocks, classify Log Sources within the QRadar SIEM
• Creating Custom API Connectors and Parsers/DSM for log sources which are not out-of-box supported by SIEM Vendor.
• Audit and prepare assessment report for existing SIEM platform.
• Troubleshoot issues regarding SIEM and other SOC tools.
• Develop use cases and create custom rules in SIEM.
• Troubleshooting at log sources and connector/agent end to fix any issues reported by other team and observed on day-to-day basis.
• Raising change management tickets for SOC Administration activities like Patch upgrade for SIEM, onboarding log sources etc.
• Working with OEM (Tool support) in a way to resolve the issue or incident raised.
• Data archiving and backup and data purging configuration as per need and compliance.
• Restoring configuration/data backups based on the needs.
• High ethics, ability to protect confidential information.
• Experience in Linux Administration.
• Python Scripting Knowledge (Good to have).
  
  

Skills: siem,soar,api,qradar