Senior SIEM (QRadar) Engineer

Las Vegas, NV 88901

Job Category:          Engineering

Job Number:            135090

Job Title:              Senior SIEM (QRadar) Engineer

Location:              Las Vegas, Nevada, US - 88901

Job Type:              Contract

Duration:              6 Months

About Our Client: Our Client is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions, underpinned by the world’s largest delivery network, Our Client works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With approximately 425,000 people serving clients in more than 120 countries, Our Client drives innovation to improve the way the world works and lives.

Job Description:

A Senior Security Engineer (not just analyst) role that brings deep expertise and experience in Security Information & Event Management (SIEM), specifically IBM QRadar, to engage at a technical, hands-on level with various SIEM optimization initiatives. This person will have advanced subject matter expertise in the build, configuration, day-to-day administration, maintenance and tuning activities, along with in-depth knowledge of the various capabilities, integrations and applications available within on-prem, cloud and MSSP-managed QRadar instances. They will also have a demonstrated deep understanding of security fundamentals and associated SIEM options, in order to advise at all levels of the security engagement, including architecture, design and configuration review.

Desired Critical QRadar Service Areas Of Experience:

  • Management of hosts (architecture) and licenses
  • Log source setup, integration, validation and optimization
  • Use case, rules and detection signature creation, tuning, development and extension
  • Integrate and optimize threat intelligence feeds and workflow
  • Create, update, run and distribute reports
  • Create custom parsers (DSM editing), offenses, alerts, response correlations, automation and workflows
  • Build and tune correlation rules to eliminate false positives and identify possible false negative instances
  • Platform upgrade, patching and migration experience
  • Creation of detection mapping against the MITRE ATT&CK framework to identify and close gaps

Essential Duties & Responsibilities:

  • Provide technical leadership, solution design, and hands-on development support of security controls for infrastructure and software deployments
  • Develop threat models and perform security health checks of the hybrid on-prem, multi-cloud environments
  • Develop and deliver training content and playbook content for SOC I analysts
  • API and application integration
  • Review, cleanup and optimization of logs, rules, parsers, log sources, offenses and reports
  • SIEM evolution and expansion into security orchestration, automation and response (SOAR) capability. SOAR for Boyd incorporates all 3 components per Gartner: Security Orchestration and Automation (SOA) + Security Incident Response Platforms (SIR) + Threat Intelligence Platforms (TIP), of which the SIEM will be a critical component.
  • Collaborate cross-functionally and engage with all levels of leadership to gather requirements, build appropriate SIEM security technology roadmaps and implementation plans
  • Interface with IT Risk Management and Compliance to coordinate related policy and procedures, and to provide for the appropriate flow of information regarding risk treatment
  • Ambassador for Security in Architecture review meetings and sessions
  • Responsible for the scheduling, testing and implementation of enhancements or new releases of features in compliance with the Boyd change management process

Requirements:

Must Haves:

Capabilities:

  • Able to effectively research, analyze and resolve complex problems
  • Excellent analytical and problem-solving skills as well as interpersonal skills needed to effectively interact with users, team members and senior management
  • Clear and concise written and oral English, including the ability to create technical and procedural documentation
  • Strong technical writing skills and the ability to explain complex problems to nontechnical teams
  • Strong communication skills and ability to engage with customers to understand and realize their requirements
  • Capability to multi-task, prioritize work and handle competing priorities
  • Take ownership of customer configuration issues and work with existing MSSP to track through resolution

Experience:

  • Experience with multiple attack vectors such as Malware, Trojans, Exploit kits, Ransomware and Phishing techniques
  • TCP/IP network skills to perform packet and log analysis
  • Hands-on expert-level experience with QRadar administration, tuning and optimization
  • Extensive administrative level Unix/Linux command line experience
  • Must have experience in security monitoring/incident handling
  • Minimum of 2 years QRadar experience at Engineer level
  • An understanding of a wide array of server grade applications such as: DNS, SMTP, IIS, Apache, Active Directory, Identity Management, Patch Management, Vulnerability Management and Scanning, LDAP, SQL and others
  • Knowledge of security controls frameworks such as NIST CSF, NIST 800-92 and 800-137, ISO 27001, or CIS Critical Security Controls
  • Experience working with SOC and Incident Response teams
  • Experience in handling security incidents from end to end
  • Will take the initiative and ownership of maturing SIEM technologies and processes
  • Security engineering, system and/or network security experience

Nice To Haves:

Experience:

  • Authentication, security firewalls and other security protocol experience
  • Experience in the management and configuration of FIM, SIEM, DLP, VPN, Firewall, IDS, IPS, and Malware products
  • Experience with network segmentation, firewalls and proxy configurations
  • Software development or infrastructure experience
  • Hold IBM QRadar SIEM related certifications and badges
  • Minimum of 5 years QRadar experience at Engineer or Architect level

Reach Out To A Recruiter

Recruiter:             Mukesh Sharma

Email:                   mukeshs@askstaffing.com

Phone:                   678-785-3381

Mukesh Sharma
Sr Delivery Manager
