Overview
Skills
Job Details
100% Remote
1. QRadar Platform Expertise
Architecture and components (Console, Event Collectors, Event Processors, Flow Collectors, Data Nodes)
Log source integration and configuration
Custom rules and offense generation
Use Case Manager app and AQL (Ariel Query Language)
DSM (Device Support Modules) tuning and extension
Flow data and QFlow/QNI (QRadar Network Insights)
Offense management and tuning
Asset profiles and identity integration
2. SIEM & Security Fundamentals
Knowledge of security event types (e.g., logs from firewalls, IDS/IPS, servers, applications)
Understanding of attack frameworks (MITRE ATT&CK, Cyber Kill Chain)
Incident detection, response, and investigation processes
3. System Administration
Linux (Red Hat/CentOS) command line and troubleshooting
QRadar CLI tools and support utilities
Disk space and performance monitoring
Backup and recovery of QRadar components
4. Networking
TCP/IP, routing, VLANs, NAT, etc.
Understanding of NetFlow/sFlow/jFlow and network behavior analysis
Firewall rules and common network security tools
5. Integration Knowledge
Integration with threat intelligence feeds (STIX/TAXII, X-Force)
Identity sources (LDAP/AD)
Ticketing systems (e.g., ServiceNow, Jira)
Use of REST APIs for automation
6. Scripting & Automation (Bonus)
Bash or Python scripting for automation
Regex for log parsing and rule building
QRadar API for integrations or custom tooling