22 Ibm Qradar Jobs

About the Role We are seeking a skilled SIEM Administrator to manage and optimize different SIEM solutions. The ideal candidate will be responsible for system administration, log integration, troubleshooting, Deployment, Implementation and maintaining security posture for the organization. Key Responsibilities SIEM Administration: Install, configure, maintain, and upgrade SIEM components. (IBM Qradar SIEM, DNIF, Splunk & Securonix). Log Management: Onboard, parse, and normalize logs from various data sources (firewalls, servers, databases, applications, etc.) Custom log source integration and parser development. System Monitoring & Troubleshooting: Ensure SIEM tools are functioning optimally. Monitor & regular health check perform for SIEM tools. troubleshoot system errors and resolve performance issues. Conduct regular performance tuning and capacity planning Perform root cause analysis for system failures & performance issues. Optimize system performance and storage management for SIEM Integration & Automation : Integrate third-party security tools (firewalls, EDR, threat intelligence feeds) with SIEM. Compliance & Audits: Ensure log retention policies comply with regulatory standards. Develop & enforce SIEM access controls & user roles/permissions. Documentation & Training: Document system configurations, SOP’s & troubleshooting documents. Prepare monthly/ weekly reports and PPT, onboarding documentation as per business/ client requirement. Dashboard & Report Development: Create & maintain custom dashboards & reports Optimize searches & reports for performance and efficiency. Other Knowledge Base: Hands on experience with Linux OS & Windows OS Basic to mediator level knowledge in networking skills Should be familiar with Azure, AWS or GCP products Required Skills & Qualifications: B.E/B.Tech degree in computer science, Cybersecurity, or related field (preferred). 1-3 years experience as Soc Admin Strong knowledge of SIEM architecture, log sources, and event correlation. Proficiency in log management, regular expressions, and network security concepts. Experience integrating SIEM with various security tools (firewalls, IDS/IPS, antivirus, etc.). Scripting knowledge (Python, Bash, or PowerShell) is a plus. Training or Certificate on Splunk or IBM Qradar Preferred. Soft Skills: Strong analytical and problem-solving skills. Excellent communication and documentation abilities. Ability to work independently and in a team. Must Have Skills: Hands-on experience with SIEM tools like IBM QRadar, Splunk, Securonix, LogRhythm, Microsoft Sentinel, DNIF etc. Proficiency in IBM Qradar & Splunk administration Configuring, maintaining, and troubleshooting SIEM solutions. Log source integration, parsing, and normalization. Strong knowledge of TCP/IP, DNS, HTTP, SMTP, FTP, VPNs, proxies, and firewall rules. Familiarity with Linux and Windows system administration.

Candidate will be part of the Cyber Defence Group responsible for Implementing and maintaining SIEM for our customers. Candidate will be responsible for understanding the customer requirement, design, Develop and implement scalable SOC management solution (SIEM) for the customer Collaborate with customer team to define and establish logging standards to address specific customer mandated requirements Collaborate with key stakeholders at customer side as well as the SOC team to develop use cases to address specific business needs Lead Log onboarding from customer applications into the SIEM platform Develop connectors / parsers to index and normalize raw logs in the SIEM solution Implement and configure SOAR platform Create reporting templates to meet the requirements of our customers Who are we looking for? This is a technical role in our group and hence we are looking for someone who has 5+ years of experience in implementing and maintaining either PaloAlto Cortex XSIAM or IBM Qradar SIEM Solution. Should have hands on experience in cloud based integration and deployment. You should know any scripting language, preferably Python. Experience deploying and managing a large SIEM deployment in an enterprise or managing a MSSP platform for multiple customers. You should have strong understanding of security concepts, network protocols, application logging models You should have advanced knowledge on use case creation, parser development You should have in-depth understanding of events alerts reported by various data sources such as Windows/Unix systems, applications, databases, and network devices. You should at the minimum possess Vendor specific SIEM certification. You should have at least any of the following certification: RHCE or CCNA or CEH or MCSE If you are interested, please share your updated resume to asampta.zephrin1_ext@ltts.com

Hiring for SOC Analyst in one of our Top Banking company @ Chennai & Hyderabad location Job Title: SOC Analyst Experience : 6 - 9 Years Department: Cybersecurity / Information Security Location: Chennai & Hyderabad Employment Type: Hybrid Mode - 3 days WFO and 2 days WFH . Job Summary: We are seeking a skilled and detail-oriented Security Operations Center (SOC) Analyst to join our cybersecurity team. The SOC Analyst will be responsible for monitoring, detecting, analyzing, and responding to cybersecurity incidents using a variety of tools and techniques. This role is critical to maintaining and improving our organization's security posture by ensuring real-time threat detection and incident response. Key Responsibilities: Monitor security alerts and events from SIEM tools (e.g., Splunk, QRadar, Microsoft Sentinel). Analyze and triage events to determine impact and severity. Investigate security incidents and provide incident reports with detailed analysis. Escalate validated threats and vulnerabilities to the appropriate teams and assist in mitigation efforts. Coordinate with IT teams to ensure containment, eradication, and recovery actions are taken for confirmed incidents. Perform threat intelligence analysis to support proactive detection and defense. Document incident handling procedures and maintain an incident knowledge base. Participate in continuous improvement of SOC operations, including playbooks and automation. Stay current on the latest cybersecurity trends, threats, and tools. Required Qualifications: Bachelor's degree in Computer Science, Information Security, or a related field; or equivalent work experience. 13 years of experience in a SOC or information security role. Experience with SIEM platforms, IDS/IPS, firewalls, and endpoint protection tools. Understanding of TCP/IP, DNS, HTTP, VPN, and network protocols. Knowledge of common threat vectors, MITRE ATT&CK framework, and kill chain. Strong analytical and problem-solving skills. Excellent communication skills and ability to work under pressure. Preferred Qualifications: Certifications such as CompTIA Security+, CEH, GCIA, GCIH, or Splunk Certified Analyst. Experience with scripting (e.g., Python, PowerShell) for automation. Familiarity with cloud security monitoring (e.g., AWS GuardDuty, Azure Defender). Exposure to incident response frameworks and forensic tools. Work Schedule: [24x7 shift-based / Regular business hours / On-call rotation as applicable]

We are seeking a talented and highly motivated Microsoft Sentinel SIEM Engineer to join our Dedicated Defense group. As a key member of our team, you will be responsible for deploying and maintaining Microsoft Security technologies to enhance threat detection, response, and overall security posture. This is an exciting opportunity for an individual with expertise in major SIEM technologies, aiming to help safeguard critical systems and data from evolving cyber threats. Responsibilities: Architect, deploy, and maintain Microsoft Sentinel for SIEM use cases including log ingestion, data normalization, and incident correlation. Manage and optimize Microsoft Defender for Endpoint, Identity, Cloud, Office 365, and other Defender tools to maximize protection and visibility. Develop custom queries,detection rules, workbooks, and automation playbooks to improve threat detection and response efficiency. Lead the design and implementation of security monitoring, including data connectors, analytics rules, and incident automation. Collaborate with threat analysts and incident response teams to triage, investigate, and respond to security alerts and incidents. Provide technical guidance in security best practices, incident response procedures, and threat hunting using Microsoft security tools. Continuously assess the security landscape and recommend improvements to policies, tools, and configurations. In addition to strong technical acumen, the ideal candidate will bring excellent communication and client-facing skills to collaborate directly with customers, understand their security needs, and deliver tailored solutions that align with their risk posture and compliance requirements. Outcomes: Integration & Optimization: Integrate and optimize Microsoft Sentinel to improve visibility and automate threat detection workflows Threat Detection: Utilize Microsoft Sentinel AI-powered analytics to dashboard reports and automate critical reporting functions Automation & Playbook Development: Develop automated detection and response playbooks based on Microsoft data feeds, streamlining incident management and reducing time to resolution. Collaboration & Knowledge Sharing: Work closely with other security and IT teams to share threat intelligence, optimize SIEM use, and contribute to security strategy development. Reporting & Documentation: Develop and maintain dashboards, reports, and documentation related to Microsoft Sentinel deployment, performance, and incident metrics. Continuous Improvement: Continuously evaluate Microsoft Sentinel capabilities and other relevant security tools to recommend improvements and refine detection capabilities. Required Qualifications: 5 years of SIEM experience in Splunk, Qradar, Microsoft, and comparable SIEMS Hands-on experience with other SIEM platforms (Splunk, IBM QRadar, Microsoft Sentinel, etc.) and integrating them with endpoint security tools. Strong understanding of cybersecurity principles, threat detection, and SIEM management. Experience working with Sentinel One Core EDR technology Proficiency in scripting and automation (Python, PowerShell, etc.). Experience with cloud security (AWS, Azure, GCP) and cloud-native SIEM solutions is a plus. Bachelor’s degree in computer science, Information Security, or a related field (or equivalent experience). Preferred Qualifications: 5 years of experience in cybersecurity in a SOC or security engineering capacity. Proven hands-on expertise with Microsoft Sentinel and Microsoft Defender suite. Deep knowledge of Kusto Query Language (KQL) and building custom analytics rules and workbooks in Sentinel. Strong experience in customer-facing roles. Experience with incident response, threat detection, and threat hunting techniques. Strong understanding of cloud security, especially in Azure environments. Familiarity with MITRE ATT&CK, NIST, and other security frameworks. Experience integrating Sentinel with third-party solutions (e.g., threat intel feeds, ticketing systems).

Job Description: Were searching for Senior Security Engineer to assist our 247 managed security operations center. This role is in Integration Department, responsible for the strategic, technical, and operational direction of the Integration Team Responsibilities: • IBM QRadar/ Sentinel / Datadog , Integration and content management, Event Collector deployment/upgradation. • Troubleshooting skills at all layers of OSI Model. • Onboard all standard devices to QRadar, such as Windows Security Events, Firewalls, Antivirus, Proxy etc. • Onboard non-standard devices by researching the product and coordinating with different teams. Such as application onboarding or onboarding new security products. • Developing and Deploying connectors and scripts for log collection for cloud-based solutions. • Detailed validation of parsing and normalization of logs before handing over to SOC team will be day to day Job. • Coordinate between customer and internal teams for issues related to log collection. • The engineer needs to make sure that various team have completed their tasks, such as log validation, Log Source Not Reporting (LSNR Automation), Content Management before the Log Source is in production. • Troubleshooting API based log sources. • Documentation of integrations and versioning Essential Skills: • Prior SIEM administration and integration experience ( QRadar , Splunk , Datadog , Azure Sentinel) • Network and Endpoint Device integration and administration . • Knowledge of Device Integration : Log , Flows collection • Knowledge of Regular Expression and scripting language (ex: Bash , Python , PowerShell ), API implementation and development. • Knowledge of Parser creation and maintenance . • Knowledge of Cloud technologies and implementation . • Excellent in verbal and written communication . • Hands on experience in Networking , Security Solutions and Endpoint Administration and operations. Additional Desired Skills: • Excel, formulation • Documentation and presentation • Quick response on issues and mail with prioritization • Ready to work in 24x7 environment Education Requirements & Experience: • BE/B.Tech, BCA • Experience Level: 3+Year

Diverse Lynx is looking for SOC Lead to join our dynamic team and embark on a rewarding career journey. Lead the SOC team and manage the organization's security operations Ensure that the SOC is staffed with skilled analysts and that the SOC team is executing their tasks efficiently and effectively Monitor and respond to security events and alerts to detect potential security incidents Manage security incidents and provide guidance on remediation Develop and maintain incident response plans and playbooks Collaborate with cross-functional teams to ensure security technologies, policies, and procedures align with business needs Develop and maintain security policies, standards, and procedures Conduct security awareness training for employees and contractors Experience with security information and event management (SIEM) tools such as Splunk or QRadar Excellent problem-solving and analytical skills Strong communication and interpersonal skills

Roles & Responsibilities: We are seeking an experienced Vulnerability Management Engineer to join our Security Operations team. The ideal candidate will be responsible for identifying, tracking, and remediating vulnerabilities across cloud and on-premises environments, while also supporting broader security operations initiatives. Vulnerability Remediation & Patch Management: Work with InfoSec and IT teams to coordinate and track the remediation of vulnerabilities across the organization. Provide hands-on support in implementing and verifying patches for critical vulnerabilities on Windows, Linux, and cloud systems. Coordinate with infrastructure and application teams to validate patch readiness, test deployments, and confirm successful remediation. Ensure timely resolution of high and critical vulnerabilities in line with internal SLAs. Reporting & Compliance: Create and maintain weekly remediation reports outlining prioritization, risk classification, remediation status, and compliance metrics. Develop dashboards, trackers, and compliance summaries using internal tools (e.g., Excel, Power BI, or ServiceNow). Track patch management lifecycle from detection to closure with detailed documentation and metrics. Security Operations Support: Continuously monitor security alerts and events via tools like QRadar SIEM, Palo Alto Cortex XDR, and others to identify indicators of compromise. Investigate and respond to security incidents, including endpoint and email threats, escalating as needed. Tune SIEM rules and threat detection logic to reduce false positives and improve response efficiency. Stay updated on emerging threats, vulnerability disclosures, and zero-day advisories to support proactive mitigation. Policy & Documentation: Maintain detailed documentation of vulnerability management procedures, remediation efforts, patch testing results, and lessons learned. Support compliance initiatives (e.g., ISO 27001, HIPAA, GDPR) by ensuring vulnerability data and remediation timelines meet audit requirements. Qualifications: Experience : 6+ years in a Security Operations or Vulnerability Management role. Education : Bachelor's degree in Computer Science, Information Security, or a related field. Certifications (preferred): CISSP, CEH, CISM, CompTIA Security+, or equivalent. Technical Skills : Experience with tools like IBM QRadar, Palo Alto Cortex XDR, Qualys/Tenable/Nessus. Familiarity with cloud security in Azure and Microsoft 365. Strong understanding of patch management, CVSS scoring, and vulnerability lifecycle. Soft Skills : Strong analytical and communication skills. Ability to work cross-functionally with IT and infrastructure teams. Adaptability to changing threat environments and security priorities. Nice to Have: Experience building Power BI dashboards or using reporting tools to visualize patch status. Familiarity with ServiceNow or other ITSM platforms for tracking remediation tasks.

Roles and responsibilities: Design & Implementation: Understand the customer requirement, Architect, Design and implement scalable SIEM solutions. Develop Design documentations HLD and LLD SIEM components Installation Configure SIEM platform as per best practices. SIEM Operations: Lead Log source onboarding activities Develop / tune parsers to normalize raw logs sent to SIEM solution Create reporting templates to meet customer requirements Configuration management User management activities Build integrations with upstream and downstream applications for Orchestration and automation of Security responses Platform troubleshooting activities / Work with OEM to fix product level issues Health Monitoring Use case Management: Collaborate with key stakeholders at customer side as well as the SOC team to develop use cases to detect cyber threats. Develop Rules / parsers / reference data / analytics to implement the use cases in SIEM platform. Continues Use case development, testing and tuning to ensure detection logic is relevant and false positive rate is reduced. Preferred Qualifications 6+ years of experience deploying and managing large SIEM deployment for enterprise customers or managing MSSP platforms. Preferred SIEM experience: Microsoft Sentinel & IBM QRadar Experience working in SOC analysis / Incident response teams. Strong understanding of cybersecurity technologies, protocols, and applications Strong knowledge in MITRE attack framework and expertise in developing detections based on the framework. QRadar administration / deployment professional certifications, Microsoft Sentinel certifications

About Gruve Gruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks. About the Role We are seeking a skilled SIEM Administrator to manage and optimize different SIEM solutions. The ideal candidate will be responsible for system administration, log integration, troubleshooting, Deployment, Implementation and maintaining security posture for the organization. Key Responsibilities SIEM Administration: Install, configure, maintain, and upgrade SIEM components. (IBM Qradar SIEM, DNIF, Splunk & Securonix). Log Management: Onboard, parse, and normalize logs from various data sources (firewalls, servers, databases, applications, etc.) Custom log source integration and parser development. System Monitoring & Troubleshooting: Ensure SIEM tools are functioning optimally. Monitor & regular health check perform for SIEM tools. troubleshoot system errors and resolve performance issues. Conduct regular performance tuning and capacity planning Perform root cause analysis for system failures & performance issues. Optimize system performance and storage management for SIEM Integration & Automation : Integrate third-party security tools (firewalls, EDR, threat intelligence feeds) with SIEM. Compliance & Audits: Ensure log retention policies comply with regulatory standards. Develop & enforce SIEM access controls & user roles/permissions. Documentation & Training: Document system configurations, SOP s & troubleshooting documents. Prepare monthly/ weekly reports and PPT, onboarding documentation as per business/ client requirement. Dashboard & Report Development: Create & maintain custom dashboards & reports Optimize searches & reports for performance and efficiency. Other Knowledge Base: Hands on experience with Linux OS & Windows OS Basic to mediator level knowledge in networking skills Should be familiar with Azure, AWS or GCP products Required Skills & Qualifications: B.E/B.Tech degree in computer science, Cybersecurity, or related field (preferred). 1-3 years experience as Soc Admin Strong knowledge of SIEM architecture, log sources, and event correlation. Proficiency in log management, regular expressions, and network security concepts. Experience integrating SIEM with various security tools (firewalls, IDS/IPS, antivirus, etc.). Scripting knowledge (Python, Bash, or PowerShell) is a plus. Training or Certificate on Splunk or IBM Qradar Preferred. Soft Skills: Strong analytical and problem-solving skills. Excellent communication and documentation abilities. Ability to work independently and in a team. Must Have Skills: Hands-on experience with SIEM tools like IBM QRadar, Splunk, Securonix, LogRhythm, Microsoft Sentinel, DNIF etc. Proficiency in IBM Qradar & Splunk administration Configuring, maintaining, and troubleshooting SIEM solutions. Log source integration, parsing, and normalization. Strong knowledge of TCP/IP, DNS, HTTP, SMTP, FTP, VPNs, proxies, and firewall rules. Familiarity with Linux and Windows system administration. Why Gruve At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you re passionate about technology and eager to make an impact, we d love to hear from you. Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.

Job Description: Candidate will be part of the Cyber Defense Group responsible for Implementing and maintaining SIEM for our customers. SME with sound knowledge in SIEM Engineering and SOC operations to provide governance support for customer from SOC perspective. Candidate will be responsible for understanding the customer requirement, design, develop and implement scalable SOC management solution (SIEM) for the customer. Collaborate with customer team to define and establish logging standards to address specific customer mandated requirements. Collaborate with key stakeholders at customer side as well as the SOC team to develop use cases to address specific business needs. Lead cloud-based SIEM deployments and onboarding cloud data sources. Develop connectors / parsers to index and normalize raw logs in the SIEM solution. Who are we looking for? This is a technical role in our group and hence we are looking for someone who has 5+ years of experience in implementing and maintaining either PaloAlto Cortex XSIAM or IBM Qradar SIEM Solution. Should have hands-on experience in cloud-based integration and deployment. Experience deploying and managing a large SIEM deployment in an enterprise or managing a MSSP platform for multiple customers. You should have strong understanding of security concepts, network protocols, application logging models. You should have advanced knowledge on use case creation, parser development. You should have in-depth understanding of events alerts reported by various data sources such as Windows/Unix systems, applications, databases, and network devices. You should at the minimum possess Vendor specific SIEM certification. You should have at least any of the following certification: RHCE or CCNA or CEH or MCSE

About the Role We are seeking a skilled SIEM Administrator to manage and optimize different SIEM solutions. The ideal candidate will be responsible for system administration, log integration, troubleshooting, Deployment, Implementation and maintaining security posture for the organization. Key Responsibilities SIEM Administration: Install, configure, maintain, and upgrade SIEM components. (IBM Qradar SIEM, DNIF, Splunk & Securonix). Log Management: Onboard, parse, and normalize logs from various data sources (firewalls, servers, databases, applications, etc.) Custom log source integration and parser development. System Monitoring & Troubleshooting: Ensure SIEM tools are functioning optimally. Monitor & regular health check perform for SIEM tools. troubleshoot system errors and resolve performance issues. Conduct regular performance tuning and capacity planning Perform root cause analysis for system failures & performance issues. Optimize system performance and storage management for SIEM Integration & Automation : Integrate third-party security tools (firewalls, EDR, threat intelligence feeds) with SIEM. Compliance & Audits: Ensure log retention policies comply with regulatory standards. Develop & enforce SIEM access controls & user roles/permissions. Documentation & Training: Document system configurations, SOP’s & troubleshooting documents. Prepare monthly/ weekly reports and PPT, onboarding documentation as per business/ client requirement. Dashboard & Report Development: Create & maintain custom dashboards & reports Optimize searches & reports for performance and efficiency. Other Knowledge Base: Hands on experience with Linux OS & Windows OS Basic to mediator level knowledge in networking skills Should be familiar with Azure, AWS or GCP products Required Skills & Qualifications: B.E/B.Tech degree in computer science, Cybersecurity, or related field (preferred). 1-3 years experience as Soc Admin Strong knowledge of SIEM architecture, log sources, and event correlation. Proficiency in log management, regular expressions, and network security concepts. Experience integrating SIEM with various security tools (firewalls, IDS/IPS, antivirus, etc.). Scripting knowledge (Python, Bash, or PowerShell) is a plus. Training or Certificate on Splunk or IBM Qradar Preferred. Soft Skills: Strong analytical and problem-solving skills. Excellent communication and documentation abilities. Ability to work independently and in a team. Must Have Skills: Hands-on experience with SIEM tools like IBM QRadar, Splunk, Securonix, LogRhythm, Microsoft Sentinel, DNIF etc. Proficiency in IBM Qradar & Splunk administration Configuring, maintaining, and troubleshooting SIEM solutions. Log source integration, parsing, and normalization. Strong knowledge of TCP/IP, DNS, HTTP, SMTP, FTP, VPNs, proxies, and firewall rules. Familiarity with Linux and Windows system administration.

Managed Services SOC Manager Job Summary: The Security Operations Center (SOC) Security L-2 Analyst serves in a SOC team, is responsible for conducting information security investigations as a result of security incidents identified by the Level-1 security analysts who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone). The L2 SOC Security Analyst is expected to have a solid understanding of information security and computer systems concepts and should be ready to work in shifts. An engineer in this position act as a point of escalation for Level-1 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques. Job Description : Responsible for conducting information security investigations as a result of security incidents identified by the Level 1 security analyst who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone), Act as a point of escalation for Level-1 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques. Should have experience in Developing new correlation rules & Parser writing Experience in Log source integration Act as the lead coordinator to individual information security incidents. Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks (tools, techniques, Procedures) in support of technologies managed by the Security Operations Center. Document incidents from initial detection through final resolution. Participate in security incident management and vulnerability management processes. Coordinate with IT teams on escalations, tracking, performance issues, and outages. Works as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats. Communicate effectively with customers, teammates, and management. Prepare Monthly Executive Summary Reports for managed clients and continuously improve their content and presentation. Provide recommendations in tuning and optimization of security systems, SOC security process, procedures and policies. Define, create and maintain SIEM correlation rules, customer build documents, security process and procedures. Follow ITIL practices regarding incident, problem and change management. Staying up-to-date with emerging security threats including applicable regulatory security requirements. Maintain an inventory of the procedures used by the SOC and regularly evaluate the SOC procedures and add, remove, and update the procedures as appropriate Publish weekly reports to applicable teams Generate monthly reports on SOC activity Secondary skills like AV, HIPS, DCS, VA/ PT desirable Required Technical Expertise Must have experience in SIEM Management tool (QRADAR) Should have certifications like, ITIL, CCNA, CEH, VA (Product) Certification, CISM Process and Procedure adherence General network knowledge and TCP/IP Troubleshooting Ability to trace down an endpoint on the network, based on ticket information Familiarity with system log information and what it means Understanding of common network services (web, mail, DNS, authentication) Knowledge of host based firewalls, Anti-Malware, HIDS General Desktop OS and Server OS knowledge TCP/IP, Internet Routing, UNIX / LINUX & Windows NT

Role & responsibil Key Responsibilities: SIEM Administration: Install, configure, maintain, and upgrade SIEM components. (IBM Qradar SIEM, DNIF, Splunk & Securonix) Log Management: Onboard, parse, and normalize logs from various data sources (firewalls, servers, databases, applications, etc.) Custom log source integration and parser development. System Monitoring & Troubleshooting: Ensure SIEM tools are functioning optimally. Monitor & regular health check perform for SIEM tools. troubleshoot system errors and resolve performance issues. Conduct regular performance tuning and capacity planning Perform root cause analysis for system failures & performance issues. Optimize system performance and storage management for SIEM Integration & Automation : Integrate third-party security tools (firewalls, EDR, threat intelligence feeds) with SIEM. Compliance & Audits: Ensure log retention policies comply with regulatory standards. Develop & enforce SIEM access controls & user roles/permissions. Documentation & Training: Document system configurations, SOPs & troubleshooting documents. Prepare monthly/ weekly reports and PPT, onboarding documentation as per business/ client requirement. Dashboard & Report Development: Create & maintain custom dashboards & reports Optimize searches & reports for performance and efficiency. Other Knowledge Base: Hands on experience with Linux OS & Windows OS Basic to mediator level knowledge in networking skills Should be familiar with Azure, AWS or GCP products Required Skills & Qualifications: Bachelors degree in computer science, Cybersecurity, or related field (preferred). Strong knowledge of SIEM architecture, log sources, and event correlation. Proficiency in log management, regular expressions, and network security concepts. Experience integrating SIEM with various security tools (firewalls, IDS/IPS, antivirus, etc.). Scripting knowledge (Python, Bash, or PowerShell) is a plus. Training or Certificate on Splunk or IBM Qradar Preferred. Soft Skills: Strong analytical and problem-solving skills. Excellent communication and documentation abilities. Ability to work independently and in a team. Must Have Skills: Hands-on experience with SIEM tools like IBM QRadar, Splunk, Securonix, LogRhythm, Microsoft Sentinel, DNIF etc. Proficiency in IBM Qradar & Splunk administration Configuring, maintaining, and troubleshooting SIEM solutions. Log source integration, parsing, and normalization. Strong knowledge of TCP/IP, DNS, HTTP, SMTP, FTP, VPNs, proxies, and firewall rules. Familiarity with Linux and Windows system administration.

Key Responsibilities: Strong knowledge and Minimum 5 years Hands on Experience in 3 or more areas of security like (Security Incident and Event Management (SIEM) Qradar along with SOAR & TIP: Q Radar / Vulnerability Assessment Scanner(VAS): Rapid 7 / Deception Technology). Experience in construction of SIEM content required to produce Content Outputs (e.g., filters, active lists, correlation rules, reports, report templates, queries, trends, variables) Experience in packet level analysis Experience in Threat Hunting Experience in Designing and deploying use cases for SIEM and other security devices. Continuously monitor security alerts and events to identify potential security incidents or threats. Develop and implement incident response plans to address security breaches and mitigate potential damage. Conduct regular vulnerability assessment and penetration testing to identify and remediate security weaknesses. Maintain documentation of security procedures, incident reports and security policies. Stay updated on the latest cybersecurity threats and trends to proactively defend against emerging threats. Manage and maintain security tools such as SIEM, DAM, VAS and Deception technology. Monitoring of Qradar SIEM and investigating/closing out offenses. Finetuning configurations of the security solutions/components obtaining optimum usage of the system as per the client requirement. Manage the Analytics, Trending and new use case creation, log source and SLA management & reporting. Creating custom rules and configurations to tailor the SIEM solution to the client specific security needs. Degree in BE/B.Tech/M.Tech/ MCA in IT/Computer Science/ Electronics & Communication/ Electronics

Responsible for operationalization of new security platforms to enable security operations Center to stay ahead of emerging and current threats. Security Information Event Management & Analytics Platforms integration Trellix SIEM(Mcafee) Build Co relation rules from different integrated sources that drive security analytics and incident response. Custom integration of Log sources and SIEM content development. Act as a Subject Matter Expert for Onpremise SIEM solution.. Configure and troubleshoot Mcfaee SIEM components and related functionalities. Plan and onboard different data sources such as: Windows, linux, AD, Firewall, other security tools integration. Candidates with prior experience of setting up security operations from scratch would have added advantage. Understand business requirements from the client and translate them into technical deliverables within Cyber Security domain. Creating parsers for Unknown events, Identify Security Events and Co Relation Rules. Manage the daily/weekly/monthly SOC metrics reporting for the assigned set of clients. Build custom use cases, dashboards, reports as per the requirement from client and internal stakeholders. Proven history of maturing SOC from Initial to Optimised level of CMM maturity model. Skills Required Must Have s 6+ years of experience in IT and 6+ years in Cyber Security. Hands on experience on On premise SIEM like IBM QRadar, Mcafee SIEM, Trellix SIEM including creation of custom queries, detection rules. SIEM Trellix SIEM, QRadar, Splunk Thorough understanding of various industry leading cloud native SIEM architecture, pricing and technical knowhow. Knowledge about various threat vectors and attackers TTPs. In depth knowledge of Active Directory. Excellent communication skills with ability to lead discussions with C level executives. Key Attribute Ability to work collaboratively in a fast paced environment. Continuous learner with a proactive approach to stay updated on industry trends. Strong problem solving skills and ability to make sound decisions under pressure. Customer facing with good written skills and strong communication skills at all levels. May be required to participate in out of hours on call rota. Ability to consistently deliver to deadlines while prioritizing competing demands for time. Qualifications Bachelors degree in information technology or related field. Relevant certifications (CISSP, CEH) Working knowledge on any other SIEM tool viz, Trellix SIEM, Splunk, QRadar etc.

Job Title IDAM presales and Platform Responsibilities A day in the life of an Infoscion As part of the Infosys consulting team, your primary role would be to get to the heart of customer issues, diagnose problem areas, design innovative solutions and facilitate deployment resulting in client delight. You will develop a proposal by owning parts of the proposal document and by giving inputs in solution design based on areas of expertise. You will plan the activities of configuration, configure the product as per the design, conduct conference room pilots and will assist in resolving any queries related to requirements and solution design You will conduct solution/product demonstrations, POC/Proof of Technology workshops and prepare effort estimates which suit the customer budgetary requirements and are in line with organization’s financial guidelines Actively lead small projects and contribute to unit-level and organizational initiatives with an objective of providing high quality value adding solutions to customers. If you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you! Technical and Professional Requirements: Primary skills:Domain->Turbomachinery->Steam Turbine->Rotor,IDAM,Technology->Identity Management->IDAM-Design , work flow , Implementation,Technology->Infrastructure Security->Cloud Security,Technology->Infrastructure Security->SOC Operations,Technology->Infrastructure Security->Security Incident and Event Management (SIEM),Technology->Infrastructure Security->Security Incident and Event Management (SIEM) Preferred Skills: IDAM Technology->Infrastructure Security->Cloud Security Technology->Infrastructure Security->Security Incident and Event Management (SIEM) Technology->Infrastructure Security->Security Incident and Event Management (SIEM)->IBM Qradar Technology->Identity Management->IDAM-Design work flow Implementation Technology->Infrastructure Security->SOC Operations Technology->Machine Learning->AI/ML Solution Architecture and Design Additional Responsibilities: Ability to develop value-creating strategies and models that enable clients to innovate, drive growth and increase their business profitability Good knowledge on software configuration management systems Awareness of latest technologies and Industry trends Logical thinking and problem solving skills along with an ability to collaborate Understanding of the financial processes for various types of projects and the various pricing models available Ability to assess the current processes, identify improvement areas and suggest the technology solutions One or two industry domain knowledge Client Interfacing skills Project and Team management Educational Requirements Master of Computer Science,MCA,Bachelor Of Computer Science,Bachelor of Engineering,BCA,BTech Service Line Cyber Security * Location of posting is subject to business requirements

Job Title SOC/SIEM Responsibilities A day in the life of an Infoscion As part of the Infosys consulting team, your primary role would be to get to the heart of customer issues, diagnose problem areas, design innovative solutions and facilitate deployment resulting in client delight. You will develop a proposal by owning parts of the proposal document and by giving inputs in solution design based on areas of expertise. You will plan the activities of configuration, configure the product as per the design, conduct conference room pilots and will assist in resolving any queries related to requirements and solution design You will conduct solution/product demonstrations, POC/Proof of Technology workshops and prepare effort estimates which suit the customer budgetary requirements and are in line with organization’s financial guidelines Actively lead small projects and contribute to unit-level and organizational initiatives with an objective of providing high quality value adding solutions to customers. If you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you! Technical and Professional Requirements: Primary skills:Technology->Infrastructure Security->SOC Operations,Technology->Infrastructure Security->Security Incident and Event Management (SIEM),Technology->Infrastructure Security->Security Incident and Event Management (SIEM),Technology->Infrastructure Security->Security Incident and Event Management (SIEM),Technology->Infrastructure Security->Threat Hunting,Technology->Infrastructure Security->Threat Hunting Preferred Skills: Technology->Infrastructure Security->Security Incident and Event Management (SIEM) Technology->Infrastructure Security->Security Incident and Event Management (SIEM)->IBM Qradar Technology->Infrastructure Security->Security Incident and Event Management (SIEM)->Splunk Technology->Infrastructure Security->SOC Operations Technology->Infrastructure Security->Threat Hunting Technology->Infrastructure Security->Threat Hunting->SIEM tools Additional Responsibilities: Ability to develop value-creating strategies and models that enable clients to innovate, drive growth and increase their business profitability Good knowledge on software configuration management systems Awareness of latest technologies and Industry trends Logical thinking and problem solving skills along with an ability to collaborate Understanding of the financial processes for various types of projects and the various pricing models available Ability to assess the current processes, identify improvement areas and suggest the technology solutions One or two industry domain knowledge Client Interfacing skills Project and Team management Educational Requirements MCA,MTech,Intergrated course BCA+MCA,Bachelor of Engineering,Bachelor Of Technology Service Line Cyber Security * Location of posting is subject to business requirements

XDR and SIEM alerts analysis. (Worked on multiple SIEMs - good to have ) Good Understanding of Attacks and its patterns, IOA Good understanding of Security devices logs and its analysis Good in Email communication and proactive in work. Good analytical skills with capability to perform detailed analysis for security events/incidents. Deep dive analysis on EDR platform and well versed with Multiple EDR/XDR platform

Responsible for SIEM and SOAR platform (On-prem/SaaS) in terms of administration and management ( should be currently performing this role). Ensuring SOC platform and service uptime. Efficient management of the SOC platform to ensure proper performance. Log Source Integration to include development of custom parsers for non-supported log sources. Integration with other platforms like Threat Intelligence. Configuration of SOAR plugins, SOAR integration and SOAR Playbooks. Troubleshooting of the SIEM and SOAR platform. Coordinating with OEM TAC for Open issues for Platform and timely getting it resolved. Configuration of rules reports and dashboards based on inputs from monitoring team. Documentation of RCAs for major incidents Other skills required Ability to interact and manage customer stakeholders in the context of platform management. Good team working skills and communication. Technology and skills: SIEM: IBM QRadar OR LogRhythm OR Microsoft Sentinel OR Splunk OR other industry leading SIEM platforms SOAR: Paloalto Cortex XSOAR is preferred or any other industry leading product. Threat Intelligence and Brand Monitoring (Cyble, MISP, etc.) ISTM tools - Freshservice is preferred or any other industry leading product. Scripting: Regex is mandatory, Python (intermediate). OS: Windows and Linux (intermediate skills) Basic working knowledge of industry leading cloud service providers like Microsoft Azure, AWS, GCP, etc. Good knowledge of security domain is mandatory.

Our potential, unleashed India's impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks. Job Description: You will be responsible for managing and maintaining the IBM QRadar Security Information and Event Management (SIEM) platform. Your primary role will involve deploying, configuring, and optimizing the QRadar system to ensure effective security monitoring, event correlation, and threat detection within the organization's infrastructure. You will collaborate with security analysts, network engineers, and other IT teams to implement and maintain a robust security infrastructure. Required Professional Experience Proven experience as a QRadar Admin or similar role, with hands-on experience in implementing and managing QRadar SIEM. Strong understanding of network and system security principles, log management, event correlation, and threat detection Proficient in QRadar deployment, configuration, and administration, including log source management, rule creation, parser and report customization. Familiarity with various network and security technologies, protocols, and tools (firewalls, IDS/IPS, VPN, EDR, etc.). Experience with scripting languages (such as Python, PowerShell) and programming concepts is a plus. How youll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the worlds most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterized by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognize there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyones welcome entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Heres a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organization and the business area youre applying to. Check out recruiting tips from Deloitte professionals.

We are looking for SOC Analyst/Cyber Security Specialist who has got IBM Radar SIEM tool Administration experience Skill Set Positions QRadar - L1 -5 positions 1 to 3 year expreience. Qradar/SONAR - L2 - 2 in QRadar and 1 - Sonar - 3to 5 year experience. QRadar - L3 - more than 5 years of exprerience.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information SOAR Developer JD- Client looking for a strong playbook developer resource for XSOAR/Splunk Phantom/Splunk SOAR who has SOC/CSIRT practical experience along with technical skills for developing playbooks. The resource would be helping to develop playbooks for our existing requirements and also work more directly with our analysts to leveraging their SOC/CSIRT experience to help come up with the best solution to solve the business need. This may require influencing process change on the SOC side to provide the best solution to meet their needs. Looking for well experienced (5+ yrs) XSOAR developer who understand SOC use cases and develop new playbook automations and work on enhancement requests. Palo XSOAR playbook development, Security Incident Response, SOC operations 2. Operation Manger- splunk JD- We are seeking an experienced Operations Manager to oversee and optimize our daily operations. The Operations Manager will be responsible for ensuring that our business processes run smoothly and efficiently, coordinating between various departments, managing resources, and driving continuous improvement initiatives. The ideal candidate will have strong leadership skills, a deep understanding of operational processes, and the ability to implement strategies that enhance productivity and profitability. Key Responsibilities: - Operations Management: - Oversee the day-to-day operations of the organization, ensuring that all processes are running efficiently and effectively. - Monitor key performance indicators (KPIs) to identify areas for improvement and implement strategies to enhance productivity. - Coordinate between departments (e.g., production, logistics, customer service) to ensure seamless operations and the timely delivery of products or services. - Resource Management: - Manage and allocate resources (e.g., personnel, equipment, budget) to optimize operational efficiency and meet organizational goals. - Develop and implement resource management plans to address current and future operational needs. 3. Splunk Content Developer L3 JD- C ontent Development: - Design and develop custom dashboards, reports, and alerts within Splunk to meet the needs of various business units, including IT operations, security, and business intelligence. - Create and optimize complex SPL queries to extract meaningful data and insights. - Develop and maintain data models, saved searches, and macros to streamline content creation and improve performance. - Requirement Gathering: - Work closely with stakeholders to understand their needs and translate business and technical requirements into effective Splunk content. - Collaborate with cross-functional teams to ensure the content aligns with organizational goals and objectives. 4. Splunk Analyst JD The Splunk Analyst will be responsible for the design, implementation, and maintenance of Splunk solutions. This role involves working with large datasets, creating dashboards, alerts, and reports to provide actionable insights, and supporting the organizations IT security, compliance, and operational monitoring needs. Key Responsibilities: - Data Onboarding & Management: - Collect, monitor, and analyze data from various sources by configuring and deploying Splunk forwarders and ingesting data into the Splunk platform. - Optimize Splunk data models and indexes for performance. - Ensure data integrity, proper parsing, and normalization of data. - Dashboard & Report Development: - Design, develop, and maintain Splunk dashboards, alerts, and reports to provide insights into system performance, security events, and operational metrics. - Collaborate with stakeholders to gather requirements and tailor reports/dashboards to meet business needs. - Monitoring & Alerting: - Implement and fine-tune Splunk alerts to proactively monitor for security incidents, performance issues, and anomalies. - Conduct regular system health checks to ensure the stability and performance of the Splunk environment. - Troubleshooting & Support: - Investigate and resolve issues with Splunk performance, data ingestion, and search/query errors. - Provide support to end-users, helping them to use Splunk effectively