7 Event Correlation Jobs

About the Role We are seeking a skilled SIEM Administrator to manage and optimize different SIEM solutions. The ideal candidate will be responsible for system administration, log integration, troubleshooting, Deployment, Implementation and maintaining security posture for the organization. Key Responsibilities SIEM Administration: Install, configure, maintain, and upgrade SIEM components. (IBM Qradar SIEM, DNIF, Splunk & Securonix). Log Management: Onboard, parse, and normalize logs from various data sources (firewalls, servers, databases, applications, etc.) Custom log source integration and parser development. System Monitoring & Troubleshooting: Ensure SIEM tools are functioning optimally. Monitor & regular health check perform for SIEM tools. troubleshoot system errors and resolve performance issues. Conduct regular performance tuning and capacity planning Perform root cause analysis for system failures & performance issues. Optimize system performance and storage management for SIEM Integration & Automation : Integrate third-party security tools (firewalls, EDR, threat intelligence feeds) with SIEM. Compliance & Audits: Ensure log retention policies comply with regulatory standards. Develop & enforce SIEM access controls & user roles/permissions. Documentation & Training: Document system configurations, SOP’s & troubleshooting documents. Prepare monthly/ weekly reports and PPT, onboarding documentation as per business/ client requirement. Dashboard & Report Development: Create & maintain custom dashboards & reports Optimize searches & reports for performance and efficiency. Other Knowledge Base: Hands on experience with Linux OS & Windows OS Basic to mediator level knowledge in networking skills Should be familiar with Azure, AWS or GCP products Required Skills & Qualifications: B.E/B.Tech degree in computer science, Cybersecurity, or related field (preferred). 1-3 years experience as Soc Admin Strong knowledge of SIEM architecture, log sources, and event correlation. Proficiency in log management, regular expressions, and network security concepts. Experience integrating SIEM with various security tools (firewalls, IDS/IPS, antivirus, etc.). Scripting knowledge (Python, Bash, or PowerShell) is a plus. Training or Certificate on Splunk or IBM Qradar Preferred. Soft Skills: Strong analytical and problem-solving skills. Excellent communication and documentation abilities. Ability to work independently and in a team. Must Have Skills: Hands-on experience with SIEM tools like IBM QRadar, Splunk, Securonix, LogRhythm, Microsoft Sentinel, DNIF etc. Proficiency in IBM Qradar & Splunk administration Configuring, maintaining, and troubleshooting SIEM solutions. Log source integration, parsing, and normalization. Strong knowledge of TCP/IP, DNS, HTTP, SMTP, FTP, VPNs, proxies, and firewall rules. Familiarity with Linux and Windows system administration.

IBM Consulting Overview In this role, you'll work in one of IBM Consulting Client Innovation Centers (Delivery Centers), where deep technical and industry expertise is delivered to a wide range of public and private sector clients globally. These delivery centers offer locally based skills and technical expertise to drive innovation and new technology adoption. Your Role and Responsibilities As a Senior SOC Analyst, you will be part of the 24/7 Cyber Fusion Center (CFC), responsible for monitoring, triaging, analyzing, and escalating incidents in a dynamic technology environment. Your role includes: Evaluating data collected from cyber operations tools (SIEM, IDS/IPS, firewalls, network traffic logs, cloud platforms, and SOAR solutions). Detecting and mitigating threats in both structured and unstructured situations. Conducting log, identity, cloud, network, and root cause analysis to improve security posture. Required Education Bachelor's Degree Preferred Education Master's Degree Required Technical and Professional Expertise Expertise in email security, system events, network events, and log analysis. Strong knowledge of TCP/IP network security, OS security, and modern attack techniques. Event analysis experience in AWS and Azure environments. Ability to characterize and analyze alerts to assess potential threats. Perform event correlation by gathering information from various sources to understand and determine attack patterns. Preferred Technical and Professional Experience Document and escalate events/incidents with potential impact on environments. Provide daily summary reports of cyber operations events and activity. Perform cyber operations trend analysis and reporting. Conduct high-quality triage and analysis for all alerts. Demonstrate effective written and verbal communication skills, engaging in team chats, calls, and in-person discussions. Constantly contribute to SOC runbooks/playbooks. Recommend improvements to automation, alert fidelity, and security controls. Experience with CyberArk, Azure SSO, and enterprise security technologies.

Introduction In this role, youll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology. In this role, youll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology. Your role and responsibilities Senior SOC Analyst works within the 24/7 Cyber Fusion Center (CFC). The role is responsible for monitoring, triaging, analyzing and escalating incidents and events in the technology environment. This Senior SOC Analyst will evaluate data collected from a variety of cyber operations tools (e.g., SIEM, IDS/IPS, Firewalls, network traffic logs, cloud platforms, and SOAR solutions to analyze events that occur within the environments for the purposes of detecting and mitigating threats in both structured and unstructured situations. Individuals in this role are proactive and well-versed in log, identity, cloud, network, and root cause analysis Required education Bachelors Degree Preferred education Masters Degree Required technical and professional expertise Senior SOC Analyst must have skills in email security, system event, network event, log analysis. Knowledge of common IT and security technology concepts with emphasis on TCP/IP network security, operating system security, modern attack and exploitation techniques is important. Experience conducting event analysis in AWS and Azure environments. Characterize and analyse alerts to understand potential and active threats. Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the nature and characteristics of events that could be an observed attack Preferred technical and professional experience Document and escalate events/incidents that may cause adverse impact to the environment. Provide daily summary reports of events and activity relevant to cyber operations. Perform Cyber Operations trend analysis and reporting. Perform high-quality triage and thorough analysis for all alerts. Demonstrate effective communication skills both written and verbal. Actively engage in team chats, calls, and face to face settings. Constantly contribute to SOC runbooks/playbooks Recommend improvements to automations, alert fidelity, and security controls. Preferred Experience: Experience / Knowledge in CyberArk, Azure SSO. Knowledge of enterprise web technologies, security, and cutting-edge infrastructures

About Gruve Gruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks. About the Role We are seeking a skilled SIEM Administrator to manage and optimize different SIEM solutions. The ideal candidate will be responsible for system administration, log integration, troubleshooting, Deployment, Implementation and maintaining security posture for the organization. Key Responsibilities SIEM Administration: Install, configure, maintain, and upgrade SIEM components. (IBM Qradar SIEM, DNIF, Splunk & Securonix). Log Management: Onboard, parse, and normalize logs from various data sources (firewalls, servers, databases, applications, etc.) Custom log source integration and parser development. System Monitoring & Troubleshooting: Ensure SIEM tools are functioning optimally. Monitor & regular health check perform for SIEM tools. troubleshoot system errors and resolve performance issues. Conduct regular performance tuning and capacity planning Perform root cause analysis for system failures & performance issues. Optimize system performance and storage management for SIEM Integration & Automation : Integrate third-party security tools (firewalls, EDR, threat intelligence feeds) with SIEM. Compliance & Audits: Ensure log retention policies comply with regulatory standards. Develop & enforce SIEM access controls & user roles/permissions. Documentation & Training: Document system configurations, SOP s & troubleshooting documents. Prepare monthly/ weekly reports and PPT, onboarding documentation as per business/ client requirement. Dashboard & Report Development: Create & maintain custom dashboards & reports Optimize searches & reports for performance and efficiency. Other Knowledge Base: Hands on experience with Linux OS & Windows OS Basic to mediator level knowledge in networking skills Should be familiar with Azure, AWS or GCP products Required Skills & Qualifications: B.E/B.Tech degree in computer science, Cybersecurity, or related field (preferred). 1-3 years experience as Soc Admin Strong knowledge of SIEM architecture, log sources, and event correlation. Proficiency in log management, regular expressions, and network security concepts. Experience integrating SIEM with various security tools (firewalls, IDS/IPS, antivirus, etc.). Scripting knowledge (Python, Bash, or PowerShell) is a plus. Training or Certificate on Splunk or IBM Qradar Preferred. Soft Skills: Strong analytical and problem-solving skills. Excellent communication and documentation abilities. Ability to work independently and in a team. Must Have Skills: Hands-on experience with SIEM tools like IBM QRadar, Splunk, Securonix, LogRhythm, Microsoft Sentinel, DNIF etc. Proficiency in IBM Qradar & Splunk administration Configuring, maintaining, and troubleshooting SIEM solutions. Log source integration, parsing, and normalization. Strong knowledge of TCP/IP, DNS, HTTP, SMTP, FTP, VPNs, proxies, and firewall rules. Familiarity with Linux and Windows system administration. Why Gruve At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you re passionate about technology and eager to make an impact, we d love to hear from you. Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.

About the Role We are seeking a skilled SIEM Administrator to manage and optimize different SIEM solutions. The ideal candidate will be responsible for system administration, log integration, troubleshooting, Deployment, Implementation and maintaining security posture for the organization. Key Responsibilities SIEM Administration: Install, configure, maintain, and upgrade SIEM components. (IBM Qradar SIEM, DNIF, Splunk & Securonix). Log Management: Onboard, parse, and normalize logs from various data sources (firewalls, servers, databases, applications, etc.) Custom log source integration and parser development. System Monitoring & Troubleshooting: Ensure SIEM tools are functioning optimally. Monitor & regular health check perform for SIEM tools. troubleshoot system errors and resolve performance issues. Conduct regular performance tuning and capacity planning Perform root cause analysis for system failures & performance issues. Optimize system performance and storage management for SIEM Integration & Automation : Integrate third-party security tools (firewalls, EDR, threat intelligence feeds) with SIEM. Compliance & Audits: Ensure log retention policies comply with regulatory standards. Develop & enforce SIEM access controls & user roles/permissions. Documentation & Training: Document system configurations, SOP’s & troubleshooting documents. Prepare monthly/ weekly reports and PPT, onboarding documentation as per business/ client requirement. Dashboard & Report Development: Create & maintain custom dashboards & reports Optimize searches & reports for performance and efficiency. Other Knowledge Base: Hands on experience with Linux OS & Windows OS Basic to mediator level knowledge in networking skills Should be familiar with Azure, AWS or GCP products Required Skills & Qualifications: B.E/B.Tech degree in computer science, Cybersecurity, or related field (preferred). 1-3 years experience as Soc Admin Strong knowledge of SIEM architecture, log sources, and event correlation. Proficiency in log management, regular expressions, and network security concepts. Experience integrating SIEM with various security tools (firewalls, IDS/IPS, antivirus, etc.). Scripting knowledge (Python, Bash, or PowerShell) is a plus. Training or Certificate on Splunk or IBM Qradar Preferred. Soft Skills: Strong analytical and problem-solving skills. Excellent communication and documentation abilities. Ability to work independently and in a team. Must Have Skills: Hands-on experience with SIEM tools like IBM QRadar, Splunk, Securonix, LogRhythm, Microsoft Sentinel, DNIF etc. Proficiency in IBM Qradar & Splunk administration Configuring, maintaining, and troubleshooting SIEM solutions. Log source integration, parsing, and normalization. Strong knowledge of TCP/IP, DNS, HTTP, SMTP, FTP, VPNs, proxies, and firewall rules. Familiarity with Linux and Windows system administration.

Who We Are At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities. The Role Infrastructure Specialists at Kyndryl are project-based subject matter experts in all things infrastructure good at providing analysis, documenting and diagraming work for hand-off, offering timely solutions, and generally figuring it out. This is a hands-on role where your feel for the interaction between a system and its environment will be invaluable to every one of your clients. There are two halves to this role: First, contributing to current projects where you analyze problems and tech issues, offer solutions, and test, modify, automate, and integrate systems. And second, long-range strategic planning of IT infrastructure and operational execution. This role isnt specific to any one platform, so youll need a good feel for all of them. And because of this, youll experience variety and growth at Kyndryl that you wont find anywhere else. Youll be involved early to offer solutions, help decide whether something can be done, and identify the technical and timeline risks up front. This means dealing with both client expectations and internal challenges in other words, there are plenty of opportunities to make a difference, and a lot of people will witness your contributions. In fact, a frequent sign of success for our Infrastructure Specialists is when clients come back to us and ask for the same person by name. Thats the kind of impact you can have! This is a project-based role where youll enjoy deep involvement throughout the lifespan of a project, as well as the chance to work closely with Architects, Technicians, and PMs. Whatever your current level of tech savvy or where you want your career to lead, youll find the right opportunities and a buddy to support your growth. Boredom? Trust us, that wont be an issue. Your future at Kyndryl There are lots of opportunities to gain certification and qualifications on the job, and youll continuously grow as a Cloud Hyperscaler. Many of our Infrastructure Specialists are on a path toward becoming either an Architect or Distinguished Engineer, and there are opportunities at every skill level to grow in either of these directions. Who You Are Youre good at what you do and possess the required experience to prove it. However, equally as important you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused someone who prioritizes customer success in their work. And finally, youre open and borderless naturally inclusive in how you work with others. Required Technical and Professional Expertise Minimum of 7-8 years of experience in setting, configuring and maintaining the ITM and Netcool servers Strong experience and knowledge of ITM, Netcool suite, TEP and TEMs and RTEMs L3 & L4 hands on related to Event & Monitoring support for Netcool, ITM, Zabbix, and ScienceLogic Advanced skills on configuration and troubleshooting of Netcool and ITM Maintain the Netcool servers and user management and associated Incident, Change and Problem handling Knowledge of account and new node registrations on Netcool WebGui Relevant and strong knowledge of auto notifications tools Working knowledge of API user's password reset and certificate renewal, GNM API user and token update activity, maintenance. Experience in configuring Object Server Gateways like JDBC, Uni and Bi-directional Gateway. Working experience of monitoring and event management of heterogeneous environment Implemented transition of monitoring tools from on-premises to cloud M&E Strong skills of working, implementing and troubleshooting IBM Tivoli monitoring servers End-to-end automation of IT service management processes experience and skills. Experience of administration of ITM and Netcool in multi-tier architecture Strong skills in creating business rules, event correlation, deduplication, and enrichment using Netcool Impact Excellent skills in integrations of ITM and Netcool with other third-party tools Hands on experience of ServiceNow and other ticketing tools Manage user accounts, roles and permission to align with organizational requirement Strong knowledge of workflows and IPC like Incident, Problem, and Change Linux/AIX server implementation and troubleshooting experience in large environments. Preferred Technical and Professional Experience Certified professional with relevant experiences Excellent communication skills to interact with multiple Global teams Knowledge of AIX Linux/Windows, Database. Industry certifications desirable In depth knowledge of Amazon cloud hosting architecture with experience with AWS and Azure is a bonus Exceptional judgment and decision-making abilities Familiar with a variety of IT concepts, practices, and procedures Knowledge of design techniques, tools, and principals involved in production of precision technical plans, blueprints, drawings, and models Logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions, or approaches to problems Strong analytical and problem-solving skills with high attention to detail Being You Diversity is a whole lot more than what we look like or where we come from, its how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But were not doing it single-handily: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you and everyone next to you the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. Thats the Kyndryl Way. What You Can Expect With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed. Get Referred! If you know someone that works at Kyndryl, when asked How Did You Hear About Us during the application process, select Employee Referral and enter your contact's Kyndryl email address.

AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation. AtAHEAD, we prioritize creating a culture of belonging,where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD. We are an equal opportunity employer,anddo not discriminatebased onan individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, maritalstatus,or any other protected characteristic under applicable law, whether actual or perceived. We embraceall candidatesthatwillcontribute to the diversification and enrichment of ideas andperspectives atAHEAD. The Event Manager is responsible for managing and optimizing event monitoring processes, focusing on alert tuning and correlation to enhance the efficiency and effectiveness of IT operations. This role plays a key part in ensuring that alerts are actionable, reducing noise, and improving response times. The Event Manager collaborates closely with IT teams, clients, and stakeholders to refine monitoring strategies and ensure alignment with business priorities. The ideal candidate has a strong background in IT event management, monitoring tools, and automation, with a keen focus on continuous improvement to drive operational excellence. Responsibilities: Strategic Planning Develop and implement strategies for alert tuning and event correlation to monitor new technologies, improve monitoring effectiveness and reduce unnecessary noise. Collaborate with clients to understand business requirements and ensure event management aligns with operational goals. Continuously evaluate and refine event management processes to improve response times and incident resolution. Optimization and Analysis Analyze client environments and monitoring data to identify patterns, redundancies, and inefficiencies in alerts. Optimize alert thresholds, rules, and correlation logic to ensure alerts are actionable and relevant. Partner with clients and internal teams to implement best practices for event management and monitoring. Leverage automation to improve event correlation and reduce manual intervention. Collaboration and Communication Work closely with IT service delivery teams to ensure proper integration and alignment of event management processes with broader IT operations. Act as a liaison between clients, monitoring teams, and leadership to communicate event management improvements and outcomes. Provide recommendations and updates to stakeholders on event optimization initiatives and their impact on service delivery. Operational Excellence Oversee the configuration and maintenance of monitoring tools to ensure optimal performance and alignment with client needs. Ensure adherence to ITIL principles and other relevant frameworks in event management processes. Develop and maintain documentation for event management workflows, alert tuning processes, and correlation strategies. Track and report on event management performance metrics, including alert volumes, false positives, and response times. Training and Enablement Provide training and guidance to internal teams and clients on event management best practices, tools, and processes. Foster a culture of continuous improvement and learning within the event management function. Desired Skills and Experience: 5+ years of experience in IT operations, event management, or monitoring systems, with a focus on optimizing alerts and event correlation. Strong understanding of monitoring tools, with experience in Elastic, LogicMonitor, or ServiceNow preferred . Experience with alert tuning, event correlation, and automation to optimize IT operations. Familiarity with ITIL and Service Management processes (e.g., incident, problem, change management). Strong analytical skills, with the ability to assess data and identify opportunities for improvement. Excellent communication and collaboration skills, with the ability to work effectively with clients and cross-functional teams. Experience with scripting or automation frameworks (e.g., Python, PowerShell) is a plus. Organizational skills, attention to detail, and the ability to manage multiple priorities simultaneously. A proactive mindset focused on problem-solving and driving continuous improvement. Why AHEAD: Through our daily work and internal groups like Moving Women AHEAD and RISE AHEAD, we value and benefit from diversity of people, ideas, experience, and everything in between. We fuel growth by stacking our office with top-notch technologies in a multi-million-dollar lab, by encouraging cross department training and development, sponsoring certifications and credentials for continued learning. USA Employment Benefits include - Medical, Dental, and Vision Insurance - 401(k) - Paid company holidays - Paid time off - Paid parental and caregiver leave - Plus more! See benefits https://www.aheadbenefits.com/ for additional details. The compensation range indicated in this posting reflects the On-Target Earnings (OTE) for this role, which includes a base salary and any applicable target bonus amount. This OTE range may vary based on the candidates relevant experience, qualifications, and geographic location.