7 Siem Administration Jobs

Your role and responsibilities We are seeking a highly skilled SIEM Security Engineer to join our cybersecurity team. This role involves the administration, engineering, and optimization of Security Information and Event Management (SIEM) solutions, specifically focusing on QRadar SIEM, as well as developing and implementing security use cases based on frameworks like MITRE ATT&CK and NIST. Key Responsibilities: SIEM Administration & Engineering: Maintain, configure, and optimize SIEM platforms, ensuring high availability and efficiency. Use Case Development: Design, implement, and test correlation rules and threat detection methodologies based on industry best practices. Log Source Management: Integrate and troubleshoot various log sources including firewalls, endpoints, IAM, cloud, network devices, and more. Threat Hunting & Incident Response Support: Work closely with SOC analysts, threat hunters, and incident response teams to identify security incidents and optimize detections. False Positive Reduction & SIEM Optimization: Refine correlation logic to improve detection efficacy while minimizing false positives. Security Framework & Compliance: Implement security controls in alignment with MITRE ATT&CK, NIST, and ITIL frameworks. Documentation & Collaboration: Maintain use case catalogs, runbooks, and collaborate with internal teams for continuous improvements. Advanced Analysis: Lead investigations of complex cybersecurity threats, escalate critical findings, and contribute to SOC strategic planning. Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise 8+ years of experience in IT Cyber Security Industry 6+ years experience in SIEM Administration and Use Case Engineering Strong understanding of Networking, OSI, TCP/IP concepts Expertise in Cybersecurity controls, threat detection, and attack methodologies Knowledge of MITRE ATT&CK, NIST frameworks, and security best practices Hands-on experience with multiple SIEM solutions, preferably QRadar SIEM Experience with UBA solutions and SIEM tuning Familiarity with log source integration, parsing, correlation, and troubleshooting Coordination and communication skills to work with security, engineering, and service delivery teams Preferred technical and professional experience SIEM Use Case Engineering and Content Development Relevant cybersecurity certifications such as CEH, CompTIA Security+, CCNA Strong ability to analyze security trends, optimize existing rules, and recommend improvement

Roles And Responsibilities: - Experiences with Cloud security defensive techniques and threat modelling. Experiences with designing, implementing secure cloud architectures, incident response and investigation of security breaches. Develop detection rules to support our SOCalerting and response capabilities. Maintain threat intelligence databases in cloud platforms. Provide expert analytic investigative support to analysts for complex security incidents. Implement and execute administrative, management, and lifecycle procedures for the SIEM. Lead network security design for cloud solutions, including automation to support cloud expansion and network segmentation strategy. Review security controls measures, identify gaps in the security architecture, and implement improvements or enhancements as needed. Implement email security standards such as DKIM, SPF and DMARC. Demonstrated experience with deploying and operating network security tools, including but not limited to IDS, firewalls, proxies and security gateways. Evaluates system security configurations to ensure efficacy and compliance with policies and procedures. Researches and investigates the potential impact of new threats and exploits and recommends solutions to management. Provides guidance on risks, vulnerabilities, or potential vulnerabilities within the architecture. Excellent communication skills both written and verbal include the capacity to communicate complex and technical issues. Certification:Cloud security certification, CEH, CISSP

Required Skills Technology | Sentinel SIEM Tool Administrator | Level 2 Support Technology | Securonix SIEM Tools Administrator | Level 2 Support Education Qualification : B.Sc Certification Mandatory / Desirable : Technology | Microsoft Certified: Security, Compliance, and Identity Fundamentals / CISSP/CISM/CEH/GIAC Certified Incident Handler/Certified SOC Analyst (CSA)/CompTIA Cybersecurity Analyst (CySA+)/Cisco Certified CyberOps Associate Delivery Skills required are: - Technical Skills: - *Identifying and analyzing potential threats and vulnerabilities using various tools and techniques. *Leading and managing the response to security incidents, including containment, eradication, and recovery. *Implementing and maintaining security monitoring systems, such as SIEM (Security Information and Event Management) tools. *Prioritizing and remediating vulnerabilities based on risk assessments. Operational Skills: - *Developing, implementing, and enforcing security policies, standards, and procedures. *Managing and maintaining secure configurations for systems, networks, and applications. *Overseeing the timely application of security patches and updates to systems and software. Analytical Skills: - *Analyzing logs and event data from various sources to identify patterns and anomalies. *Utilizing advanced analytics to detect and investigate security incidents. *Conducting digital forensics investigations to uncover evidence of security breaches. Collaboration and Teamwork: - *Collaborating with other IT and security teams to enhance the organization s security posture. *Coordinating response efforts during security incidents with internal and external stakeholders. *Leading incident response teams and ensuring effective communication and collaboration.

Key Responsibilities: • Architecting & Designing Next-Gen SIEM/EDR. • Perform as the subject matter expert on any of the above solutions for the customer, use the capabilities of the solution in the daily operational work for the end customer. • Advise customers on best practices and use cases on how to use this solution to achieve customer end state requirements. • Content development (Use case development) which includes developing process for automated security event monitoring and alerting along with corresponding event response plans for systems • Work with the wider Delivery teams and customer to create SOC playbooks covering the SIEM and SOC setup • Create and configure SOAR workflows • Configure correlation searches and alerting including tweaking alerts to reduce false positives • Act as the SME for SIEM deployment and configure to assist delivery teams with the ingestion of data sources (AWS/Qualys) into the SIEM • Assist teams on implementation of SIEM alerts into Jira to track/manage alerts • Assist with setup and configuration of SIEM severity priorities in line with SLAs in both the SIEM, SOAR and Jira • Create and configure dashboards which can be used for reporting and incident response Skills Required Skills and Qualifications: • B. Tech./ B.E. with sound technical skills • Strong command on verbal and written English language. • Demonstrate both technical acumen and critical thinking abilities. • Strong interpersonal and presentation skills. • Minimum 10+ years of Hands-on experience of operating/implementing the above security tools. • Certification in any of the SIEM platforms is a plus

Introduction At IBM, work is more than a job - its a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things youve never thought possible. Are you ready to lead in this new era of technology and solve some of the worlds most challenging problems If so, lets talk. Your role and responsibilities We are seeking a highly skilled SIEM Security Engineer to join our cybersecurity team. This role involves the administration, engineering, and optimization of Security Information and Event Management (SIEM) solutions, specifically focusing on QRadar SIEM, as well as developing and implementing security use cases based on frameworks like MITRE ATT&CK and NIST. Key Responsibilities: SIEM Administration & Engineering: Maintain, configure, and optimize SIEM platforms, ensuring high availability and efficiency. Use Case Development: Design, implement, and test correlation rules and threat detection methodologies based on industry best practices. Log Source Management: Integrate and troubleshoot various log sources including firewalls, endpoints, IAM, cloud, network devices, and more. Threat Hunting & Incident Response Support: Work closely with SOC analysts, threat hunters, and incident response teams to identify security incidents and optimize detections. False Positive Reduction & SIEM Optimization: Refine correlation logic to improve detection efficacy while minimizing false positives. Security Framework & Compliance: Implement security controls in alignment with MITRE ATT&CK, NIST, and ITIL frameworks. Documentation & Collaboration: Maintain use case catalogs, runbooks, and collaborate with internal teams for continuous improvements. Advanced Analysis: Lead investigations of complex cybersecurity threats, escalate critical findings, and contribute to SOC strategic planning. Required education Bachelors Degree Preferred education Bachelors Degree Required technical and professional expertise 8+ years of experience in IT Cyber Security Industry 6+ years experience in SIEM Administration and Use Case Engineering Strong understanding of Networking, OSI, TCP/IP concepts Expertise in Cybersecurity controls, threat detection, and attack methodologies Knowledge of MITRE ATT&CK, NIST frameworks, and security best practices Hands-on experience with multiple SIEM solutions, preferably QRadar SIEM Experience with UBA solutions and SIEM tuning Familiarity with log source integration, parsing, correlation, and troubleshooting Coordination and communication skills to work with security, engineering, and service delivery teams Preferred technical and professional experience SIEM Use Case Engineering and Content Development Relevant cybersecurity certifications such as CEH, CompTIA Security+, CCNA Strong ability to analyze security trends, optimize existing rules, and recommend improvement

Position Summary We are seeking an experienced SOC Analyst to join our Security Operations team. This role demands an individual with a strong technical background in incident analysis, SIEM administration, and rule fine-tuning. The ideal candidate will have experience working with diverse environments, including Windows, Linux, and network security, and will be well-versed in ELK stack management and troubleshooting beats agents. Key Responsibilities 1. Incident Detection and Analysis: o Conduct deep-dive analysis on security incidents, assessing root causes, and recommending solutions. o Proactively monitor and respond to security alerts, managing incident escalation and resolution processes. o Prepare detailed reports and document incidents to support future analysis and security measures. 2. SIEM Administration and Rule Fine-Tuning: o Oversee SIEM configurations, including tuning rules to optimize alerting and reduce false positives. o Conduct SIEM platform upgrades, troubleshoot performance issues, and ensure platform availability. o Collaborate with IT teams to integrate new data sources into SIEM and enhance visibility. 3. System and Network Security: o Perform continuous monitoring and analysis across Windows and Linux systems and network infrastructures. o Utilize tools for traffic analysis, anomaly detection, and threat identification. o Support configurations and policies within the IT and network environment to strengthen security. 4. ELK Stack and Beats Agent Management: o Manage and troubleshoot ELK Stack components (Elasticsearch, Logstash, and Kibana) to ensure seamless data flow. o Perform regular maintenance and troubleshooting of beats agents, ensuring reliable log ingestion and parsing. 5. Security Policies and Compliance: o Contribute to policy updates, ensuring adherence to organizational and industry compliance standards. o Document and enforce security controls aligned with best practices and regulatory requirements. Skills and Qualifications Education: Bachelors degree in Information Security, Computer Science, or a related field. Experience: o Minimum of 5+ years in SOC operations or a similar cybersecurity role. o Proven experience in SIEM administration, incident analysis, and configuration fine-tuning. o Proficiency in monitoring and troubleshooting Windows and Linux systems and managing network security protocols. o Hands-on experience with the ELK Stack, with expertise in troubleshooting beats agents. Technical Skills: o Familiarity with SIEM tools (e.g., Splunk, QRadar) and network protocols. o Strong command of incident response processes, security frameworks, and best practices. o Knowledge of communication protocols and system integrations for data protection. Certifications (preferred): CISSP, CompTIA Security+, CEH, or similar security certifications. Competencies Strong analytical skills with attention to detail. Excellent verbal and written communication abilities. Ability to work independently and collaboratively in a fast-paced environment. Additional Preferred Skills Knowledge of regulatory compliance standards. Experience in using EDR solutions. Ability to document processes and create incident playbooks. This role offers an opportunity to work on advanced cybersecurity initiatives within a dynamic SOC environment, contributing to enhanced organizational security. Keywords SIEM administration,incident analysis,configuration fine-tuning,Windows,Linux,network security protocols,ELK Stack,troubleshooting beats agents,Splunk,Qradar,EDR solutions,Cybersecurity* Mandatory Key Skills SIEM administration,incident analysis,configuration fine-tuning,Windows,Linux,network security protocols,ELK Stack,troubleshooting beats agents,Splunk,Qradar,EDR solutions,Cybersecurity*

Requirement / Qualification: Resource with minimum 4 5 years of managing SIEM. Security events Monitoring and SIEM administration/Implementation support. Proven experience on handling security incident investigation / forensics Knowledge of security and compliance regulatory standards. Create dashboards on Alien Vault Console to visualize data and events which help identify trends, anomalies and monitor the general health or security status of the environment. Monitor multiple security alerts sources, eliminate false positive and based on impact and nature of security incident escalate according to established procedures. Knowledge of Alien Vault SIEM, its components, and associates Proactively monitoring vulnerabilities related to network security and upgraded the SIEM rules accordingly. Threat Research & Analysis during high severity Cyber Attacks impacting clients globally. Experience in handling Incident response, triaging and analyzing the incidents. Security threat identification (including malware), research, analysis and advisory capabilities. Some knowledge of hacking stages and techniques Excellent troubleshooting skills, with a creative approach to problem solving. Team player and collaborator with excellent follow up and documentation skills. Must be able to work and develop a positive relationship with customers of various sizes and complexity. Self driven engaging individual with a proven history of demonstrated technical skills. Ability to determine root cause of technical issues either on own or in a collaborative scenario.