Lead SIEM Analyst (Q-Radar & Splunk)

Scope:

• Lead SIEM analyst administer Plan, design, implement, monitor, Manage QRadar SIEM Tool that protect an organization’s computer systems and data.
• The Enterprise Security team currently comprises of 30+ members and is expected to grow rapidly. The incumbent will need to have leadership qualities also to mentor junior security associates in our team.

Technical Environment:

• Software: CEH. Strong Administration knowledge on QRadar, Endpoint Security, Web and Email  and Cloud Security Products
• Application Architecture: Enterprise Information Security -SOC

What you’ll do:

• End to End Management of SIEM (QRadar) and Splunk technology
  • Setup and configure new QRadar tools and configure policies.
  • Data source integration,
  • SIEM administration
  • Parser development,
  • Content development
  • Use case development.
  • Report, and Dashboard configuration.
  • Engage in Security incident life cycle phases.
  • Develop the playbook for defined use cases for SOC analyst.
  • Rule Creation, Building block creation and fine tuning.

• For all the about products candidate is responsible for
  • Product Upgrades
  • Act as POC for all product issues.
  • Vendor Co-ordination
  • Co-ordinate with Stakeholder to troubleshoot any product related issues
  • Prepare SOPs, Ensure SLA is met.
  • Provide Weekly and Monthly Metrics to the management
  • Lead new projects independently

What are we looking for:

• 6 to 8 years of experience on SIEM tool IBM QRadar and Splunk.
• IBM QRadar SIEM administration and implementation.
• Strong skill set in Parser development for unsupported log sources/Custom log source integration.
• Log source integration with SIEM.
• IBM QRadar UBA administration
• Candidate with Splunk ES experience will have additional advantage.
• Ability to multitask and work independently with minimal direction and maximum accountability.
• Must be proficient in scripting language PowerShell or Python.
• Intimate familiarity with Linux and windows platform and its command line utilities.
• Ability to reach to high pressure and challenging environment.
• Excellent customer service including strong written and oral communication skills.
• Bachelor’s degree in Information Security/Systems or related industry experience.
• Certifications such as IBM Certified Associate Administration and/or IBM Certified Deployment Professional.

Good to have:

• Performs detailed analysis of alerts and potential threats.
• Performs daily detect & response functions, working closely with SOC functions.
• Maintains and documents the security control procedure, SOP & Play-book.
• Participates in Forensic investigations and computer security incident response.
• Leverages internal and external resource to research threats, vulnerabilities and intelligence on various attack vectors and attack infrastructure.
• Strong knowledge on ITIL processes like Incident, Problem & Change Management. ITIL V3 Foundation certification will be given preference.

Our Values

If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success – and the success of our customers. Does your heart beat like ours? Find out here: Core Values

Diversity, Inclusion, Value & Equality (DIVE) is our strategy for fostering an inclusive environment we can be proud of. Check out Blue Yonder's inaugural Diversity Report which outlines our commitment to change, and our video celebrating the differences in all of us in the words of some of our associates from around the world.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.