Job
Description
Role & responsibil Key Responsibilities: SIEM Administration: Install, configure, maintain, and upgrade SIEM components. (IBM Qradar SIEM, DNIF, Splunk & Securonix) Log Management: Onboard, parse, and normalize logs from various data sources (firewalls, servers, databases, applications, etc.) Custom log source integration and parser development. System Monitoring & Troubleshooting: Ensure SIEM tools are functioning optimally. Monitor & regular health check perform for SIEM tools. troubleshoot system errors and resolve performance issues. Conduct regular performance tuning and capacity planning Perform root cause analysis for system failures & performance issues. Optimize system performance and storage management for SIEM Integration & Automation : Integrate third-party security tools (firewalls, EDR, threat intelligence feeds) with SIEM. Compliance & Audits: Ensure log retention policies comply with regulatory standards. Develop & enforce SIEM access controls & user roles/permissions. Documentation & Training: Document system configurations, SOPs & troubleshooting documents. Prepare monthly/ weekly reports and PPT, onboarding documentation as per business/ client requirement. Dashboard & Report Development: Create & maintain custom dashboards & reports Optimize searches & reports for performance and efficiency. Other Knowledge Base: Hands on experience with Linux OS & Windows OS Basic to mediator level knowledge in networking skills Should be familiar with Azure, AWS or GCP products Required Skills & Qualifications: Bachelors degree in computer science, Cybersecurity, or related field (preferred). Strong knowledge of SIEM architecture, log sources, and event correlation. Proficiency in log management, regular expressions, and network security concepts. Experience integrating SIEM with various security tools (firewalls, IDS/IPS, antivirus, etc.). Scripting knowledge (Python, Bash, or PowerShell) is a plus. Training or Certificate on Splunk or IBM Qradar Preferred. Soft Skills: Strong analytical and problem-solving skills. Excellent communication and documentation abilities. Ability to work independently and in a team. Must Have Skills: Hands-on experience with SIEM tools like IBM QRadar, Splunk, Securonix, LogRhythm, Microsoft Sentinel, DNIF etc. Proficiency in IBM Qradar & Splunk administration Configuring, maintaining, and troubleshooting SIEM solutions. Log source integration, parsing, and normalization. Strong knowledge of TCP/IP, DNS, HTTP, SMTP, FTP, VPNs, proxies, and firewall rules. Familiarity with Linux and Windows system administration.
