• Ability to interpret disparate sources of data, identify subtle patterns indicative of malicious activity and follow up with research to produce high quality intelligence assessments and reports
• Correlating log events from multiple technologies using a combination of rules, filters, lists and queries to identify the sequences of events that match potential attack patterns.
• Design and build detection capability to present the SOC analysts with alerts relating to suspicious activity
• Incident response and Forensics experience is an asset
• Should be capable of fine-tuning logs
• Evaluate event flows to identify common risks and vulnerabilities to develop and implement solutions
• Recommend enhancements to SOC security processes and operational efficiencies.
• Elastic Stack experience preferable
• Owning installation and management of QRadar infrastructure (Red Hat Enterprise Linux (RHEL) images for QRadar SIEM).
• Sizing of QRadar event collector images at offering sites (bare-metal and/or virtual).
• Management of QRadar Appliance builds.
• Co-ordinate extensively with networking teams to maintain and establish communication to remote QRadar Collectors/Processors.
• Work with business units to ensure they know what data to feed into QRadar and how.
• Work with business units to create the network hierarchy and building blocks, and to classify log sources within the QRadar SIEM.
• Work with teams on tuning the QRadar application to suppress false-positive security events or alert on them as appropriate.
• Closely work with offering teams on implementation and growth planning for installations of event processors/collectors.
• Break-fix triage, resolution and restoration of service for QRadar application and event collector images.
General IT Skills
• Complete knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise Anti-Virus products
• Network administration and troubleshooting knowledge (Routing/Switching)
• Knowledge of security solutions such as IPS/IDS, WAF, DDoS mitigation, anti-spam, proxy, etc.
• System administration and troubleshooting knowledge (Windows/Linux)
• Programming knowledge – Python