We have an excellent opening for SIEM/SOC:
Experience: 5 to 7 Yrs
Primarily looking for an IBM QRadar SIEM analyst with at least 8-11 years of core security experience in Information Security Services and Security Operations Center management, as well as experience in handling the technical aspects of L1 and L2/L3 analysis and supporting international clients; the candidate should therefore be able to communicate and demonstrate technical updates well in English. Experience with other SIEM tools such as HP ArcSight, Splunk and McAfee ESM, handling related issues and troubleshooting SIEM components, is an added advantage. Management, executive and dashboard reporting for implementing any agreed changes to security tools.
Detailed Job Description:
• IBM QRadar event alerts, correlation rules and Security Operations Center experience with real-time analysis, correlation, false positives, packet analysis and port monitoring using filters
• Worked on prevention of threats or risks by tuning the security infrastructure and analysing security exposure in the equipment and software under the guidance of client Information Security
• Knowledge of cryptographic tools and methodologies, security incident management and reporting
• Worked in a SOC environment with experience using different SIEM tools
• Prepare and coordinate risk assessments for proposed changes to the equipment, software and related services in the SOC environment
• Support security incident response processes in the event of a security breach by providing logging and audit information and by providing incident reporting
• Implement and manage a security incident management process according to the Security Policy
• Coordinate notification of security incident occurrence with the client
• Provide periodic trending problem reports
• Create and maintain a security incident log that is also provided to client Information Security to facilitate historical analysis
• Assist investigators of security incidents involving the client sites and other locations, document findings, and coordinate resolution
• Good understanding of Active Directory infrastructure; participate in Change Management, Problem Management and Configuration Management
• Understanding of malware, antivirus and antispam solutions
Vulnerability Management
• Vulnerability scanning and report analysis (Nessus / QualysGuard)
• Identification of false positives
• Understand and share remediation strategies when required (application of remediation patches is out of scope)
Monitoring
• Monitor logs and security events across network infrastructure
• Log, monitor, investigate, and report on access violations
• Provide log analysis to give views of misuse, fraudulent or malicious activities
• Provide alerts and reports appropriately
Capacity Management
• Performance monitoring and threshold management
Patch Management
• Understanding of the patch management process and tools; evaluate the released patch or recommended solution using tools
• Liaise with client infrastructure teams for patch deployment
• Coordinate with the vendor for patch validation
• Expert in IBM QRadar; certification would be an added advantage
• Thorough knowledge of TCP/IP and file transfer protocols
• Added advantage if experienced in other SIEM tools (ArcSight, McAfee, etc.)
• Knowledge of IDS / IPS, firewall monitoring and changes to the rule base
• Fair knowledge of antimalware and antispam tools, and vulnerability management
• Log reviews and security forensic reviews
• Experience with working in Windows as well as Unix/Linux environments
People Skills
• Willingness to work on a 24x7 rotating shift basis
• Effective communication skills in both verbal and written English
• Ability to adhere to strict quality, service level and change management processes
• Demonstrated initiative to stay abreast of technology advancements
• Security certification such as CCNA, MCSE, MCP, CISSP, CEH, CHFI or any other equivalent is desirable