SecurityConsultant-InfrastructureSecurity

Introduction
Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant you will be a key advisor for IBM’s clients analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client’s organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.

Your Role and Responsibilities

• Lead and Guide the SIEM Admin Team to deliver all the below tasks
• Install upgrade configure administer and maintain our distributed SIEM QRadar platform.
• Monitor and troubleshoot QRadar health issues to ensure optimal performance.
• Integrate different devices with SIEM including API integration and threat intelligence data integration.
• Troubleshoot log sources not reporting and resolve connectivity issues.
• Develop custom parsers write complex regular expressions and extract CEPs from raw logs.
• Identify and design SIEM use cases based on the latest security threats.
• Develop and modify alert playbooks for L1 and L2 analysts.
• Review the SOP KPI
• Fine-tune use cases to reduce alert fatigue and improve efficiency.
• Understand security frameworks such as Mitre and Cyber Kill Chain.
• Possess knowledge of different logging levels.
• Conduct SOC incident analysis and have exposure to various information security technologies.
• Demonstrate a strong understanding of networking concepts.
• Interpret search and process data within enterprise logging systems.
• Revise and develop processes to strengthen the current security operation framework.
• Provide technical guidance to L1 L2 and L3 analysts for alert monitoring w.r.t the SIEM Use Cases Reports Dashboards.
• Develop and optimize the incident response framework including processes playbooks documentation and automation.
• Support in clearing different audit requirements and ensure compliance.
• Possess sound and practical knowledge of Linux
• Guide the team in handling Hardware issues and upgrades
• Infra Capacity Management and Proactive handling of capacity thresholds

Who you are:
You are a seasoned cybersecurity professional with a passion for staying ahead of evolving threats and a knack for problem-solving. You thrive in a dynamic environment where no two days are the same and you are committed to excellence in all aspects of your work. As a SIEM Lead Administrator you are a proactive leader who excels at collaborating with cross-functional teams and guiding junior admins in the team to successfully deliver the roles and responsibilities. Your technical expertise coupled with your strong communication skills makes you an invaluable asset to our cybersecurity team.

What you’ll do:

• Guide and Lead the Team: Give advice and support to team members to deliver all the below tasks
• Set up and Keep SIEM Running: Install and maintain our SIEM tool (QRadar) to protect our systems.
• Watch for Problems and Fix Them: Keep an eye on SIEM’s health and solve any issues that come up.
• Integrate Devices and Data: Integrate different tools and data to SIEM so we can see if there’s any danger.
• Fix Log Problems: Make sure all devices are sending their data properly and fix any issues.
• Make Tools to Find Threats: Create tools to help us find problems in all the data we collect.
• Plan for Security: Make plans to find and handle any new cyber threats.
• Make Plans for Alerts: Plan what to do if we get a warning so everyone knows what to do.
• Cut Down on Alerts: Make sure we only get alerts when there’s a real problem not just lots of noise.
• Know Security Basics: Understand how security works and what different levels mean.
• Check for Problems: Keep an eye on all our systems to make sure there are no issues.
• Understand Networks: Know how our networks work so we can fix any security issues.
• Look for Problems in Data: Check through lots of data to find any problems.
• Make Things Work Better: Find ways to make our security systems work even better.
• Respond to Problems: Jump in and help fix any issues if there’s a security problem.
• Follow the Rules: Make sure we’re following all the rules and laws about security.
• Be Good with Linux: Know how to use Linux systems since many of our tools run on them.

Required Technical and Professional Expertise

• SIEM Administration (QRadar)
• Troubleshooting skills
• Integration and Customization of SIEM
• Manual and Auto Correlation of Events and Flows
• Use Case Development and Management
• SOP Review
• KPI Review
• Actively Participating in various Security Assessments and Audits
• Process Improvement for security operations
• Team Leadership and Support
• Compliance Management
• Linux Proficiency
• Hardware Issue troubleshooting
• Hardware Upgrades
• RMA processing
• Understanding of Networking Concepts

Preferred Technical and Professional Expertise

• Incident Analysis in SOC environment
• Security Frameworks Knowledge (Mitre Cyber Kill Chain)
• Data Interpretation within logging systems
• Threat Intelligence Fundamentals
• Strategic Planning for Proactive Defense Implementation
• Use Case Development for Enhanced Security Measures