Requirement:
SIEM Engineer / SIEM Administrator (QRadar to Splunk Migration)
Remote
12+ Months
Role Summary
We are seeking a hands-on SIEM professional who can stabilize and operate the existing IBM QRadar platform while actively supporting the migration and transformation to Splunk. This role requires strong SIEM administration fundamentals, deep QRadar operational experience, and working knowledge of Splunk architecture and onboarding practices.
Key Responsibilities
Core SIEM Administration (Common Across Platforms)
• Day-to-day SIEM administration including log onboarding, parsing, normalization, enrichment, and retention management
• Care and feeding of SIEM platforms including health checks, performance tuning, capacity monitoring, and data quality validation
• Troubleshoot ingestion gaps, parsing errors, timestamp issues, and dropped events
• Coordinate with infrastructure, cloud, IAM, network, and application teams to onboard log sources
• Maintain SIEM documentation, runbooks, and log source inventories
QRadar-Specific Responsibilities
• Administer QRadar components including Event Collectors, Event Processors, Flow Collectors, and Console
• Onboard log sources using DSMs, custom properties, and log source extensions
• Support installation, upgrades, and troubleshooting of QRadar apps
• Tune offenses, reference sets, and building blocks to reduce false positives
• Perform QRadar patching, upgrades, and health monitoring
Splunk-Specific Responsibilities
• Support Splunk onboarding including forwarders, inputs, indexes, source types, and parsing rules
• Map QRadar log sources and use cases to Splunk CIM and data models
• Validate data quality, latency, and field extraction in Splunk
• Support Splunk ES use cases, dashboards, and correlation searches
• Assist with migration testing, cutover planning, and post-migration stabilization
Required Skills & Experience
• 4–8 years of experience in SIEM administration
• Strong hands-on experience with IBM QRadar
• Solid understanding of log formats, syslog, APIs, and event pipelines
• Experience supporting SOC operations
Preferred Skills
• Working knowledge of Splunk Enterprise or Splunk ES
• Experience with SIEM migration or coexistence models
• Exposure to cloud platforms (AWS, Azure, Google Cloud Platform)
• Scripting knowledge (Python, Bash)
• Familiarity with compliance frameworks such as ISO 27001, SOC 2, or PCI-DSS
Role Characteristics
• Hybrid run-and-transform role: operate the existing QRadar platform while supporting the Splunk migration
• High interaction with SOC and Security Architecture teams
• Opportunity to grow into SIEM architecture and transformation leadership roles
Success Metrics
• Stable QRadar operations during migration
• Minimal log loss during dual-platform operations
• Successful onboarding of priority log sources into Splunk
• Improved SIEM data quality and SOC confidence