Job description:

Responsibilities:Leadership and Operations: Lead the day-to-day operations of the security operations center (SOC) to protect the organization and its customers. Investigate security incidents and coordinate response efforts. Maintain engineering and security documentation. Assist customers in optimizing SIEM system capabilities, including audit and logging features. Create technically detailed reports on the status of the SIEM system.Deployment and Configuration: Deploying QRadar Infrastructure: Responsible for deploying, configuring, and maintaining the overall QRadar infrastructure based on a holistic deployment architecture. Health Checks: They perform health checks to ensure that the QRadar solution meets key performance indicators. Audit and Monitoring: Regularly audit the SIEM system in the customer environment to ensure its effectiveness.Architecture and Design: Understand the architecture of QRadar, which consists of various components such as data nodes, app hosts, and high availability (HA) configurations. Familiarize themselves with data nodes and data storage mechanisms within QRadar. Manage and maintain the app host, which plays a crucial role in extending QRadar s capabilities through apps and extensions3. Architect and implement high availability and disaster recovery solutions for QRadar deployments. Configure and manage cloud based QRadar deployments. Deploy and manage WinCollect Standalone and managed deployments.Integration and Optimization: Integrate QRadar with other security tools and platforms to enhance overall security posture and for response actions. Optimization: Continuously optimize QRadar s performance by tuning rules, modifying the base configuration, adjusting retention settings, and managing backups. Managing support tickets with help of vendor support. Apply Patches / Upgrades to the QRadar components, WinCollect and base platform to fix major vulnerabilities and issues. Create custom parsers and connectors to integrate the log sources which are not supported out-of-box.Qualifications:Education: Typically, a relevant degree in Computer Science, Information Security, or a related field.Certifications: Preferred certifications include CISSP, CISA, CEH, and SIEM-related certifications.Technical Skills: Familiarity with web proxies, Linux, and Windows operating systems. Knowledge of regular expressions, data normalization techniques, and cyber security tools. Understanding of intrusion detection methods and secured networks integration with the SIEM platform. Proficiency in scripting and software development (e.g., Python, Perl, shell scripts etc)

• To clealry understand the client's cybersecurity environment and respective technological products.
• To identify and mitigate cybersecurity gaps in the client's environment and Skill Enhancement
• To complete assigned projects and tuningortechnical enhancement activities within the agreed timelines and support in the maturation of client's security postureorcomplianceorprocesses through idea generation and value creation.
• To analyse security concerns in Change Management Process and implement tools for Cyber Security improvement.
• To investigate cybersecurity incidents, perform RCA, work and coordinate with teams for all the ongoing critical security issues.
• To enable knowledge transfer through creationor maintenance of process documents; and training for specific tools to ensure all team members are updated on the tools and processes used
• To update client and stakeholders on current project progress and ongoing critical issues