SIEM Administrator – QRadar

Job Description

Technical Competencies - SIEM Admin - QRadar

• Deep knowledge of the proposed SIEM solutions (Splunk, QRadar and others): SIEM use case, rule and dashboard design, implementation, tuning and maintenance
• IRP run book design, implementation, tuning and maintenance
• Proficient with the Splunk architecture and its components (indexers, forwarders, search heads, deployment server), particularly the Splunk Enterprise Security (ES) application
• Familiar with Splunk platform specifics related to parsing, indexing, searching and search optimization, and the hot, warm, cold and frozen bucket lifecycle
• Experienced in creating different visualizations in Splunk (bar, line and pie charts, scatter plots, Gantt charts, bubble charts, histograms, trend lines, heat maps and highlight tables)
• Ability to extract custom properties and fields from log sources and write parsers
• Knowledge of EDR and IRP/SOAR technologies (preferably Carbon Black Response (CBR) and IBM Resilient)
• Adherence to processes and procedures
• General network knowledge and TCP/IP troubleshooting
• Ability to track down an endpoint on the network from the information in a ticket
• Deep understanding of common network services (web, mail, DNS, authentication)
• Knowledge of host-based firewalls, anti-malware and HIDS
• General desktop OS and server OS knowledge
• Strong analytical and problem-solving skills

Training, Qualifications, and Certifications
Preferred:
• SANS SEC401 Security Essentials (optional GSEC certification)
• Linux administration

Recommended:
• Splunk training or certification
• QRadar training or certification (optional)
• SANS SEC506 Securing Linux/Unix (optional GCUX certification)