SIEM administrator and SOC lead
-
- Security
- Entry Level
SIEM administrator and SOC lead
-
- Security
- Entry Level
At IBM, work is more than a job – it’s a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you’ve never thought possible. Are you ready to lead in this new era of technology and solve some of the world’s most challenging problems? If so, lets talk.
Your Role and Responsibilities
- Good knowledge of SIEM, SIEM Architecture, SIEM health check.
- Deployment of SIEM in customer environment.
- Audit the SIEM in the customer environment.
- Troubleshoot issues regarding SIEM and other SOC tools.
- Good verbal/written communication skills.
- Build of use case for the customer.
- Data archiving and backup and data purging configuration as per need and compliance.
- Raising change management tickets for SOC Administration activities like Patch upgrade for SIEM, onboarding log sources etc.
- Helping L2 and L1 with required knowledge base details and basic documentations.
- Co-ordination with L2 and SOC Monitoring team for troubleshooting issues and highlighting them to clients for further resolution and escalation.
- High ethics, ability to protect confidential information.
- Troubleshooting at device and connector/agent end to fix the anomaly reported by other team and observed on day to day basis.
- Building of incident reports, advisories and review if SLA has been met for Incident alerting and Incident closure.
- Update and maintain SOC knowledge base for new security incidents and docs.
- Creation of daily status report sheet and submit to SOC manager for review.
- Review advisories and make necessary detection measures.
- Provide analysis and trending of security log data from a large number of security devices.
- Troubleshooting non-reporting devices fix and maintain device status.
- Working with OEM (Tool support) in a way to resolve the issue or incident raised.
- Administration of Windows and Unix servers.
- Building Parser for the SIEM using regex.
- Ready to work on 24/7 shifts to support client requirement.
Who you are:
The Security Analyst monitors security events from the various SOC entry channels (SIEM, Tickets, Email and Phone), based on the security event severity, escalate to managed service support teams, tier2 information security specialists, and/or customer as appropriate to perform further investigation and resolution.
What you’ll do:
- Deployment of SIEM in customer environment.
- Audit the SIEM in the customer environment.
- Troubleshoot issues regarding SIEM and other SOC tools.
- Build of use case for the customer.
- Data archiving and backup and data purging configuration as per need and compliance.
- Raising change management tickets for SOC Administration activities like Patch upgrade for SIEM, onboarding log sources etc.
- Helping L2 and L1 with required knowledge base details and basic documentations.
- Co-ordination with L2 and SOC Monitoring team for troubleshooting issues and highlighting them to clients for further resolution and escalation.
- Troubleshooting at device and connector/agent end to fix the anomaly reported by other team and observed on day to day basis.
- Building of incident reports, advisories and review if SLA has been met for Incident alerting and Incident closure.
- Update and maintain SOC knowledge base for new security incidents and docs.
- Creation of daily status report sheet and submit to SOC manager for review.
- Review advisories and make necessary detection measures.
- Provide analysis and trending of security log data from a large number of security devices.
- Troubleshooting non-reporting devices fix and maintain device status.
- Working with OEM (Tool support) in a way to resolve the issue or incident raised.
- Administration of Windows and Unix servers.
- Building Parser for the SIEM using regex.
How we’ll help you grow:
IBM is committed to create a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
- You’ll have access to all the technical, management and leadership training courses you need to become the expert you want to be
- You’ll learn directly from sales leaders and senior leadership team
- You have the opportunity to work in many different areas to figure out what really excites you
Required Technical and Professional Expertise
- 7 Years of Experience in SIEM administration and SOC.
- Escalation point for L2 and SOC Monitor team.
- Ability to drive call and summarizing it post discussion.
- Handsome experience in SIEM administration and Event flow architecture and different types of logs generated by devices like Windows, Proxy, Network Devices, Database…etc.
- Good Understanding of Firewall, IDP/IPS, SIEM functioning (Generalize HLD as well as LLD).
- Deep understanding on Windows, DB, Mail cluster, VM and Linux commands.
- Knowledge of network protocols TCP/IP and ports.
- Team Spirit and working ideas heading to resolution of issues.
Preferred Technical and Professional Expertise
- Qualifications like CISA, CISM, CISSP, CEH, SANS or any other recognized qualification in Cybersecurity (SIEM/Qradar certification) will be preferred.
- Thorough knowledge in SIEM tool and experience in networking, Cloud security experience will be preferred.
- SOC lead experience with multiple customers.
Want to know what it’s like to be an IBMer?
Key Job Details
Don’t see a fit at this time?
Don’t worry. Join our Talent Network and get notified about the latest opportunities.