QRadar Administrator (2-5 yrs)

Roles and Responsibilities :

QRadar Administration & Maintenance :

- Install, configure, upgrade, and maintain QRadar components (Console, Event Collectors, Event Processors, Flow Collectors, Flow Processors, etc.).

- Manage user access, roles, and permissions following the principle of least privilege.

- Monitor system health, resource utilization, and performance metrics.

- Apply patches, firmware updates, and security fixes to ensure system security and stability.

- Perform regular configuration backups and establish disaster recovery plans.

Log Source Management :

- Onboard, configure, and optimize log sources from various security devices (firewalls, IDS/IPS, endpoint security, databases, etc.).

- Ensure proper log collection, parsing, normalization, and categorization.

- Troubleshoot log ingestion issues and fix parsing errors.

- Optimize log retention policies to manage storage efficiently.

Rule & Use Case Management :

- Develop, fine-tune, and optimize correlation rules and offenses to enhance threat detection.

- Configure custom event and flow rules based on organizational security requirements.

- Reduce false positives through rule optimization and periodic review.

- Conduct use case gap analysis to improve detection capabilities.

Dashboard & Reporting :

- Create and manage dashboards, reports, and compliance documentation.

- Configure scheduled reports for stakeholders, including SOC analysts and management.

- Ensure compliance with regulatory frameworks such as PCI-DSS, ISO 27001, NIST, etc.

Incident Investigation & Troubleshooting :

- Assist SOC teams in analyzing security incidents and conducting root cause analysis.

- Investigate offenses, identify false positives, and recommend tuning strategies.

- Provide threat hunting and forensic analysis support as needed.

Integration & API Management :

- Integrate QRadar with third-party security tools (Threat Intelligence, SOAR, SIEM connectors, etc.).

- Develop automation scripts and API integrations for data enrichment and workflow optimization.

- Configure log forwarding to external security platforms when required.

Compliance & Auditing :

- Maintain system logs for audit trails and compliance reporting.

- Ensure log integrity and enforce retention policies as per regulatory requirements.

- Conduct periodic audits to assess and enhance SIEM effectiveness.

Performance Optimization & Capacity Planning :

- Monitor EPS (Events Per Second) and FPM (Flows Per Minute) to ensure system stability.

- Optimize event processing by tuning filters, routing rules, and storage allocation.

- Plan for system expansion based on log growth trends and organizational needs.

Required Skills :

- Bachelor's degree in Cybersecurity, Information Technology, or related field.

- 3+ years of experience in QRadar administration, SIEM management, or security operations.

- Strong knowledge of security event log analysis and threat detection methodologies.

- Experience with log source onboarding, parsing, normalization, and rule configuration.

- Proficiency in scripting (Python, Bash) for automation and API integration.

- Familiarity with compliance frameworks such as PCI-DSS, ISO 27001, and NIST.

- Excellent troubleshooting, analytical, and problem-solving skills.

- Strong communication and collaboration abilities with security teams and stakeholders.

Preferred Certifications :

- IBM Certified QRadar SIEM Administrator

- CISSP, CISM, or other relevant cybersecurity certifications