Job Information
IBM SIEM administrator and SOC lead in Chennai, India
Introduction
At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, lets talk.
Your Role and Responsibilities
Good knowledge of SIEM, SIEM Architecture, SIEM health check.
Deployment of SIEM in customer environment.
Audit the SIEM in the customer environment.
Troubleshoot issues regarding SIEM and other SOC tools.
Good verbal/written communication skills.
Build of use case for the customer.
Data archiving and backup and data purging configuration as per need and compliance.
Raising change management tickets for SOC Administration activities like Patch upgrade for SIEM, onboarding log sources etc.
Helping L2 and L1 with required knowledge base details and basic documentations.
Co-ordination with L2 and SOC Monitoring team for troubleshooting issues and highlighting them to clients for further resolution and escalation.
High ethics, ability to protect confidential information.
Troubleshooting at device and connector/agent end to fix the anomaly reported by other team and observed on day to day basis.
Building of incident reports, advisories and review if SLA has been met for Incident alerting and Incident closure.
Update and maintain SOC knowledge base for new security incidents and docs.
Creation of daily status report sheet and submit to SOC manager for review.
Review advisories and make necessary detection measures.
Provide analysis and trending of security log data from a large number of security devices.
Troubleshooting non-reporting devices fix and maintain device status.
Working with OEM (Tool support) in a way to resolve the issue or incident raised.
Administration of Windows and Unix servers.
Building Parser for the SIEM using regex.
Ready to work on 24/7 shifts to support client requirement.
Who you are:
The Security Analyst monitors security events from the various SOC entry channels (SIEM, Tickets, Email and Phone), based on the security event severity, escalate to managed service support teams, tier2 information security specialists, and/or customer as appropriate to perform further investigation and resolution.
What you'll do:
Deployment of SIEM in customer environment.
Audit the SIEM in the customer environment.
Troubleshoot issues regarding SIEM and other SOC tools.
Build of use case for the customer.
Data archiving and backup and data purging configuration as per need and compliance.
Raising change management tickets for SOC Administration activities like Patch upgrade for SIEM, onboarding log sources etc.
Helping L2 and L1 with required knowledge base details and basic documentations.
Co-ordination with L2 and SOC Monitoring team for troubleshooting issues and highlighting them to clients for further resolution and escalation.
Troubleshooting at device and connector/agent end to fix the anomaly reported by other team and observed on day to day basis.
Building of incident reports, advisories and review if SLA has been met for Incident alerting and Incident closure.
Update and maintain SOC knowledge base for new security incidents and docs.
Creation of daily status report sheet and submit to SOC manager for review.
Review advisories and make necessary detection measures.
Provide analysis and trending of security log data from a large number of security devices.
Troubleshooting non-reporting devices fix and maintain device status.
Working with OEM (Tool support) in a way to resolve the issue or incident raised.
Administration of Windows and Unix servers.
Building Parser for the SIEM using regex.
How we'll help you grow:
IBM is committed to create a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
You'll have access to all the technical, management and leadership training courses you need to become the expert you want to be
You'll learn directly from sales leaders and senior leadership team
You have the opportunity to work in many different areas to figure out what really excites you
Required Technical and Professional Expertise
7 Years of Experience in SIEM administration and SOC.
Escalation point for L2 and SOC Monitor team.
Ability to drive call and summarizing it post discussion.
Handsome experience in SIEM administration and Event flow architecture and different types of logs generated by devices like Windows, Proxy, Network Devices, Database... etc.
Good Understanding of Firewall, IDP/IPS, SIEM functioning (Generalize HLD as well as LLD).
Deep understanding on Windows, DB, Mail cluster, VM and Linux commands.
Knowledge of network protocols TCP/IP and ports.
Team Spirit and working ideas heading to resolution of issues.
Preferred Technical and Professional Expertise
Qualifications like CISA, CISM, CISSP, CEH, SANS or any other recognized qualification in Cybersecurity (SIEM/Qradar certification) will be preferred.
Thorough knowledge in SIEM tool and experience in networking, Cloud security experience will be preferred.
SOC lead experience with multiple customers.
About Business UnitIBM Consulting is IBM's consulting and global professional services business, with market leading capabilities in business and technology transformation. With deep expertise in many industries, we offer strategy, experience, technology, and operations services to many of the most innovative and valuable companies in the world. Our people are focused on accelerating our clients' businesses through the power of collaboration. We believe in the power of technology responsibly used to help people, partners and the planet.
This job requires you to be fully COVID-19 vaccinated prior to your start date and proof of vaccination status will be required before your start date. During the Onboarding process you will be asked to confirm your vaccination status, in case you are unable to get vaccinated for any reason, you can let us know at that stage. Please let us know if you are unable to be vaccinated due to medical or religious reasons. IBM will consider such requests on a case by case basis subject to submission of required proof by the candidate before a stipulated date.
Your Life @ IBMIn a world where technology never stands still, we understand that, dedication to our clients success, innovation that matters, and trust and personal responsibility in all our relationships, lives in what we do as IBMers as we strive to be the catalyst that makes the world work better.
Being an IBMer means you'll be able to learn and develop yourself and your career, you'll be encouraged to be courageous and experiment everyday, all whilst having continuous trust and support in an environment where everyone can thrive whatever their personal or professional background.
Our IBMers are growth minded, always staying curious, open to feedback and learning new information and skills to constantly transform themselves and our company. They are trusted to provide on-going feedback to help other IBMers grow, as well as collaborate with colleagues keeping in mind a team focused approach to include different perspectives to drive exceptional outcomes for our customers. The courage our IBMers have to make critical decisions everyday is essential to IBM becoming the catalyst for progress, always embracing challenges with resources they have to hand, a can-do attitude and always striving for an outcome focused approach within everything that they do.
Are you ready to be an IBMer?
About IBMIBM's greatest invention is the IBMer. We believe that through the application of intelligence, reason and science, we can improve business, society and the human condition, bringing the power of an open hybrid cloud and AI strategy to life for our clients and partners around the world.
Restlessly reinventing since 1911, we are not only one of the largest corporate organizations in the world, we're also one of the biggest technology and consulting employers, with many of the Fortune 50 companies relying on the IBM Cloud to run their business.
At IBM, we pride ourselves on being an early adopter of artificial intelligence, quantum computing and blockchain. Now it's time for you to join us on our journey to being a responsible technology innovator and a force for good in the world.
Location StatementWhen applying to jobs of your interest, we recommend that you do so for those that match your experience and expertise. Our recruiters advise that you apply to not more than 3 roles in a year for the best candidate experience.
For additional information about location requirements, please discuss with the recruiter following submission of your application.
Being You @ IBMIBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.