Arting Digital
QRadar Administrator
Job Location
navi-mumbai, India
Job Description
Roles and Responsibilities

QRadar Administration & Maintenance
- Install, configure, upgrade, and maintain QRadar components (Console, Event Collectors, Event Processors, Flow Collectors, Flow Processors, etc.).
- Manage user access, roles, and permissions following the principle of least privilege.
- Monitor system health, resource utilization, and performance metrics.
- Apply patches, firmware updates, and security fixes to ensure system security and stability.
- Perform regular configuration backups and establish disaster recovery plans.

Log Source Management
- Onboard, configure, and optimize log sources from various security devices (firewalls, IDS/IPS, endpoint security, databases, etc.).
- Ensure proper log collection, parsing, normalization, and categorization.
- Troubleshoot log ingestion issues and fix parsing errors.
- Optimize log retention policies to manage storage efficiently.

Rule & Use Case Management
- Develop, fine-tune, and optimize correlation rules and offenses to enhance threat detection.
- Configure custom event and flow rules based on organizational security requirements.
- Reduce false positives through rule optimization and periodic review.
- Conduct use case gap analysis to improve detection capabilities.

Dashboard & Reporting
- Create and manage dashboards, reports, and compliance documentation.
- Configure scheduled reports for stakeholders, including SOC analysts and management.
- Ensure compliance with regulatory frameworks such as PCI-DSS, ISO 27001, NIST, etc.

Incident Investigation & Troubleshooting
- Assist SOC teams in analyzing security incidents and conducting root cause analysis.
- Investigate offenses, identify false positives, and recommend tuning strategies.
- Provide threat hunting and forensic analysis support as needed.

Integration & API Management
- Integrate QRadar with third-party security tools (threat intelligence, SOAR, SIEM connectors, etc.).
- Develop automation scripts and API integrations for data enrichment and workflow optimization.
- Configure log forwarding to external security platforms when required.

Compliance & Auditing
- Maintain system logs for audit trails and compliance reporting.
- Ensure log integrity and enforce retention policies as per regulatory requirements.
- Conduct periodic audits to assess and enhance SIEM effectiveness.

Performance Optimization & Capacity Planning
- Monitor EPS (Events Per Second) and FPM (Flows Per Minute) to ensure system stability.
- Optimize event processing by tuning filters, routing rules, and storage allocation.
- Plan for system expansion based on log growth trends and organizational needs.

Required Skills
- Bachelor's degree in Cybersecurity, Information Technology, or a related field.
- 3 years of experience in QRadar administration, SIEM management, or security operations.
- Strong knowledge of security event log analysis and threat detection methodologies.
- Experience with log source onboarding, parsing, normalization, and rule configuration.
- Proficiency in scripting (Python, Bash) for automation and API integration.
- Familiarity with compliance frameworks such as PCI-DSS, ISO 27001, and NIST.
- Excellent troubleshooting, analytical, and problem-solving skills.
- Strong communication and collaboration abilities with security teams and stakeholders.

Preferred Certifications
- IBM Certified QRadar SIEM Administrator
- CISSP, CISM, or other relevant cybersecurity certifications

(ref:hirist.tech)
Location: navi-mumbai, IN
Posted Date: 5/7/2025
Contact Information
Contact: Human Resources, Arting Digital