
Senior SIEM Specialist (Full-time)

at Wipro Ltd in Bangalore (Published 17-10-2018)

Responsibilities
• Design and implement QRadar/ArcSight/RSA SA/McAfee Nitro SIEM solutions
• Execute SOC and IR implementation projects
• Develop custom use cases and reports on QRadar/ArcSight/RSA SA/McAfee Nitro SIEM solutions
• Perform gap analysis and draw up a roadmap
• Install, configure, integrate and troubleshoot various SIEM solutions and their components
• Define the custom scripts and adapters required to add target devices
• Configure and troubleshoot log sources (e.g. WinCollect, syslog, log source extensions, custom QID entries, event mapping, log source groups, etc.)
• Configure and troubleshoot flow sources (e.g. the different flow source types such as J-Flow, sFlow, NetFlow, etc.)
• Perform SIEM performance optimization (e.g. performance limitations, network bandwidth, disk I/O, number of concurrent searches, rules for optimizing EPS, event and flow custom properties, backend scripts, etc.)
• Diagnose system notifications about performance problems or system failures (e.g. dropped events, "HA System Failed", I/O errors, collecting logs for support tickets, license restrictions, etc.)
• Plan and perform platform upgrade activities (SIEM version, WinCollect version, app versions, etc.)
• Work with the IBM support team to raise and resolve PMRs for any platform-related issues
• Have a good understanding of custom event and flow properties: where they are used, how to create them, and how to troubleshoot issues involving them (e.g. simple regex, optimization for rules and searches, scoping to log sources/events to minimize evaluation frequency, etc.)
• Have a good understanding of networking architecture, routing principles, TCP/IP, protocols and services
• Assist in the investigation and remediation of security incidents using QRadar SIEM technology, packet captures, reports, data visualization and pattern analysis
• Create custom dashboards in QRadar
• Configure and troubleshoot common administrative settings (e.g. configuration and data backup/restore, retention policies and buckets, routing rules, etc.)
• Configure and troubleshoot the various threat intelligence sources integrated with the SIEM tool via STIX/TAXII

Experience: 8-10 years

