Associate Process Manager

Job Summary:

Security Analyst

Key Responsibilities:

• Security Monitoring & Investigation:

  • Monitor and analyze events and alerts generated by QRadar and LogRhythm SIEM.

  • Investigate anomalies, correlated offenses, and triggered alarms using both platforms.

  • Use QNI (QRadar Network Insights) and UBA (User Behavior Analytics) for enhanced detection.

  • Conduct forensic log analysis and cross-platform correlation to determine the full attack chain.

• Use Case Development & Tuning:

  • Develop custom detection rules, correlation logic, and alarms for both QRadar and LogRhythm.

  • Fine-tune existing use cases to reduce false positives and improve alert fidelity.

  • Apply MITRE ATT&CK mapping to SIEM use cases for comprehensive coverage.

• Log Source Integration & Parsing:

  • Onboard new log sources (Windows, Linux, Cloud, Network Devices, Firewalls) into LogRhythm and QRadar.

  • Create and troubleshoot DSMs (Device Support Modules) and log parsing rules in Logrhythm.

  • Customize LogRhythm Data Indexing Policies and AI Engine rules for specific log types.

• Incident Response & Management:

  • Investigate incidents using LogRhythms SmartResponse automation.

  • Respond to and contain threats by integrating EDR, firewall, and SOAR actions via both platforms.

  • Track incident lifecycle from detection to closure using integrated ticketing or IR tools.

• Threat Hunting & Analytics:

  • Perform threat hunting using Logrhythm and other security solutions.

  • Use LogRhythm's Analyst Console, AI Engine, and Case Management to detect stealthy threats.

  • Enrich incidents with threat intelligence feeds and IOC lookups in both platforms.

• Platform Optimization & Maintenance:

  • Maintain system health, conduct backup, patching, and performance tuning of QRadar and LogRhythm.

  • Configure custom dashboards, widgets, and reports for management and technical teams.

  • Conduct regular audit and gap assessments on SIEM log coverage and rule effectiveness.

• Collaboration & Documentation:

  • Work with infrastructure and application teams to ensure full log visibility and proper event tagging.

  • Maintain detailed SOPs, incident reports, platform configuration documentation, and use case libraries.

Required Skills and Qualifications:

• Experience:

  • Minimum 3+ years of experience in SOC operations or cyber incident response.

  • IBM QRadar (including QNI, UBA, AQL)

• Technical Skills:

  • Deep understanding of log ingestion, normalization, and correlation rule creation.

  • Proficient in writing AQL queries in QRadar and developing AI Engine rules in LogRhythm.

  • Strong understanding of network protocols, firewall rules, endpoint security, and Linux/Windows event logs.

  • Experience in integration with third-party tools: EDRs, firewalls, cloud logs (AWS, Azure), and SOAR platforms.

• Analytical & Communication:

  • Excellent threat analysis and root cause investigation skills.

  • Strong documentation and report-writing capabilities.

  • Effective communication with internal teams and external vendors.

• Certifications (Preferred):

  • QRadar Certification (e.g., IBM Certified Associate Administrator QRadar)

  • LogRhythm Certified Security Analyst (LRSA) or Admin (LRSE)

  • CISSP, CEH, GCIA, GCIH, or similar certifications are a plus.

• Other:

  • Willingness to work in shifts and handle on-call rotation.

  • Ability to work under pressure and handle multiple incidents simultaneously.

Nice to Have:

• Knowledge of scripting (Python, Bash, PowerShell) for automation and log parsing.

• Experience in SOAR tools like IBM Resilient, LogRhythm SmartResponse, or similar.

• Understanding of compliance frameworks: PCI-DSS, ISO 27001, NIST, etc.