SIEM Engineer

Role SIEM Engineer

Location- Remote

Position 1

Required Skills:

• QRadar SIEM
• AQL
• Analytical Skills
• Redhat Linux administration
• Bash
• DSM
• Database Management
• Excellent Verbal Communication Skills
• IBM
• IBM QRadar SIEM
• Intrusion Detection System IDS
• Linux
• Network Engineering
• Networking Protocol
• Performance Monitoring and Metrics
• PostgreSQL
• Problem Solving
• Python (Programming Language)
• SIEM
• SOAR
• Scripting
• Security Operations
• Software Troubleshooting
• Ticketing Systems
• Use case creation
• Vulnerability Scanning

Preferred Skills: Palo Alto XSIAM and XDR, Cribl, Splunk FireEye EDR security tools

Responsibilities

• Primary engineer managing SIEM platform with IBM QRadar and supporting delivery for Managed Security Services to a State Government client to provide timely, accurate, planned completion and implementation of security services, which must be available for 24x7x365 support
• Leads primary day-to-day SIEM interactions with project team and State cybersecurity staff. Manages platform health, performs upgrades, including managing deployed sensors and collectors. Interacts with SOC analysts to tune alerts and use cases, to include integrations with client
• Hands-on QRadar engineering and configuration experience required as system will be undergoing platform upgrades
• Adding new log sources to existing QRadar, configure use cases, alerts, etc.
• Conduct Nessus scans
• Ensure the solution can be integrated successfully into the overall application/system with clear, robust, and well-tested interfaces.
• Perform troubleshooting, work through complex requirements/solutions, and provide assistance/coaching with the creation of QRadar search queries and dashboards
• Maintain strong partnership with Detection & Response leadership and other teams in Security Organization
• Investigate and resolve QRadar performance issues including event drops, parsing problems, and unknown events
• Perform deep-dive analysis of log source integration issues and implement solutions
• Troubleshoot and optimize event collection, parsing, and normalization
• Create and maintain custom parsers, DSMs, and log source extensions
• Monitor system health, storage utilization, and EPS/FPS metrics
• Develop custom reports and dashboards for security metrics and compliance
• Fine-tune correlation rules and optimize system performance
• Perform root cause analysis for SIEM-related incidents